manualshive.com logo in svg

Check Point SMB 1500 Series, Reference Manual

The Check Point SMB 1500 Series Reference Manual is an essential resource for users seeking comprehensive guidance on maximizing the capabilities of their Check Point product. This manual is available for free download from our website, manualshive.com, ensuring easy access to this valuable resource.

Share
Download
background image

set interface

SMB 1500 Appliance Series R80.20.05 CLI Reference Guide   |   433

Example

set interface My_Network ipv4-address 192.168.1.100 subnet-mask

255.255.255.0 default-gw 192.168.1.1 dns-primary 192.168.1.1 dns-

secondary 192.168.1.2 dns-tertiary 192.168.1.3

Summary of Contents for SMB 1500 Series

Page 1: ... Classification Protected 30 March 2020 SMB 1500 APPLIANCE SERIES R80 20 05 CLI Reference Guide ...

Page 2: ...en authorization of Check Point While every precaution has been taken in the preparation of this book Check Point assumes no responsibility for errors or omissions This publication and features described herein are subject to change without notice RESTRICTED RIGHTS LEGEND Use duplication or disclosure by the government is subject to restrictions as set forth in subparagraph c 1 ii of the Rights in...

Page 3: ...ons For third party independent certification of Check Point products see the Check Point Certifications page Check Point R80 20 05 For more about this release see the R80 20 05 home page Latest Version of this Document Open the latest version of this document in a Web browser Download the latest version of this document in PDF format Feedback Check Point is engaged in a continuous effort to impro...

Page 4: ...rule type incoming internal and vpn 56 add access rule type incoming internal and vpn 57 delete access rule type incoming internal and vpn 59 set access rule type incoming internal and vpn 60 show access rule type incoming internal and vpn 63 additional hw settings 64 set additional hw settings 65 show additional hw settings 66 additional management settings 67 set additional management settings 6...

Page 5: ...dmin access ipv4 address 91 add admin access ipv4 address 92 delete admin access ipv4 address 93 show admin access ipv4 addresses 94 delete admin access ipv4 address all 95 administrator 96 add administrator 97 delete administrator 98 set administrator 99 set administrator 100 set administrator 101 set administrators 102 set administrators 103 show administrator 104 show administrators 105 show ad...

Page 6: ...set aggressive aging 119 set aggressive aging 120 set aggressive aging 123 show aggressive aging 124 show aggressive aging 125 show aggressive aging 126 antispam 127 set antispam 128 set antispam 129 set antispam 131 set antispam 132 set antispam 133 set antispam 134 set antispam 135 set antispam 136 set antispam 137 set antispam 138 show antispam 139 show antispam 140 show antispam 141 antispam a...

Page 7: ...ked sender 155 delete antispam blocked sender 156 delete antispam blocked sender 157 delete antispam blocked sender 158 show antispam blocked senders 159 application 160 add application 161 add application 162 add application 163 delete application 164 delete application 165 delete application 166 find application 167 set application 168 set application 169 set application 170 set application 171 ...

Page 8: ...ontrol engine settings 192 set application control engine settings 193 set application control engine settings 194 set application control engine settings 195 set application control engine settings 196 show application control engine settings 197 application group 198 add application group 199 delete application group 200 delete application group 201 delete application group 202 set application g...

Page 9: ...set blade update schedule 223 set blade update schedule 225 set blade update schedule 226 show blade update schedule 227 show blade update schedule 228 show blade update schedule 229 bookmark 230 add bookmark 231 delete bookmark 233 delete bookmark 234 delete bookmark 235 set bookmark 236 show bookmark 238 show bookmarks 239 bridge 240 add bridge 241 delete bridge 242 set bridge 243 set bridge 244...

Page 10: ... services 263 show cloud services connection details 264 cloud services firmware upgrade 265 set cloud services firmware upgrade 266 set cloud services firmware upgrade 267 set cloud services firmware upgrade 268 set cloud services firmware upgrade 269 show cloud services firmware upgrade 270 show cloud services firmware upgrade 271 show cloud services firmware upgrade 272 show cloud service manag...

Page 11: ... relay 302 show dhcp relay 303 show dhcp servers 304 dhcp server interface 305 delete dhcp server interface 306 set dhcp server interface 307 set dhcp server interface 308 set dhcp server interface 309 set dhcp server interface 310 set dhcp server interface 311 set dhcp server interface 312 set dhcp server interface 313 set dhcp server interface 314 set dhcp server interface 315 set dhcp server in...

Page 12: ...nterface 327 set dhcp server interface 328 set dhcp server interface 329 show dhcp server interface 330 show dhcp server interface 331 show dhcp server interface 332 show diag 333 show disk usage 334 dns 335 delete dns 336 delete dns 337 delete dns 338 delete dns 339 delete dns 340 set dns 341 set dns 342 set dns 343 set dns 344 set dns 345 show dns 346 show dns 347 show dns 348 dsl 349 set dsl ad...

Page 13: ...ificate 368 fetch policy 369 fw commands 370 fw policy 372 set fw policy 373 set fw policy 374 set fw policy 375 set fw policy 376 show fw policy 377 show fw policy 378 show fw policy 379 show fw policy 380 set fw policy user check accept 381 set fw policy user check ask 382 set fw policy user check block 384 set fw policy user check block device 385 set fw policy user check block infected device ...

Page 14: ...st 403 set host 404 show host 406 show hosts 407 hotspot 408 set hotspot 409 set hotspot 410 set hotspot 412 set hotspot 413 set hotspot 414 set hotspot 415 show hotspot 416 show hotspot 417 show hotspot 418 https categorization 419 set https categorization 420 set https categorization 421 set https categorization 422 set https categorization 423 show https categorization 424 interface 425 add int...

Page 15: ... set interface 441 set interface 442 show interface 443 show interfaces 444 show interfaces all 445 interface alias 446 add interface alias 446 delete interface alias 447 set interface alias 448 interface bond 449 add interface bond 449 delete interface bond 450 set interface bond 451 set interface bond 452 set interface bond 453 show interface bond 454 show interfaces bond 455 internal certificat...

Page 16: ...delete interface loopback 469 internet 470 add internet connection interface cellular 470 set internet 471 set internet connection VALUE type cellular 471 show internet 473 internet connection 474 add internet connection 475 add internet connection physical interface 476 WAN 476 ADSL 481 DSL 485 DMZ 488 add internet connection 3G 4G modem 496 delete internet connection 498 delete internet connecti...

Page 17: ...on 522 show internet connection 523 show internet connection 524 show internet connection 525 show internet connections 526 show internet connections table 527 internet connection bond 528 delete internet connection bond 528 set internet connection bond 529 set internet connection bond 530 set internet connection bond 531 show internet connection bond 532 show internet connections bond 533 interne...

Page 18: ...553 set local group 554 set local group 555 set local group 556 show local group 557 show local groups 558 set local group users 559 set local group users 560 set local group users 561 local user 562 add local user 563 delete local user 565 delete local user 566 delete local user 567 set local user 568 set local user 569 set local user 571 set local user 572 show local user 573 show local users 57...

Page 19: ... filtering settings 589 set mac filtering settings 590 set mac filtering settings 591 set mac filtering settings 592 set mac filtering settings 593 show mac filtering settings 594 show mac filtering settings 595 show mac filtering settings 596 set mobile settings 597 set mobile settings 598 show mobile settings 599 mobile device 600 revoke mobile device 600 mobile settings 601 set mobile settings ...

Page 20: ...itor mode networks 612 monitor mode configuration 613 set monitor mode configuration 614 show monitor mode configuration 615 message 616 set message 617 show message 618 show message 619 show memory usage 620 nat 621 set nat 622 set nat 623 set nat 624 set nat 625 set nat 626 set nat 627 set nat 628 set nat 629 set nat 630 set nat 631 set nat 632 set nat 633 set nat 634 set nat 635 show nat 636 sh...

Page 21: ...52 add netflow collector 653 delete netflow collector 654 set netflow collector 655 show netflow collector 656 show netflow collectors 657 network 658 add network 659 delete network 660 set network 661 show network 662 show networks 663 show notifications log 664 notifications policy 665 set notifications policy 666 set notifications policy 667 set notifications policy 668 show notifications polic...

Page 22: ...4 set periodic backup 685 show periodic backup 687 set property 688 privacy settings 689 set privacy settings 690 show privacy settings 691 proxy 692 delete proxy 693 set proxy 694 set proxy 695 set proxy 696 show proxy 697 qos 698 set qos 699 set qos 700 set qos 701 set qos 702 set qos 703 show qos 704 show qos 705 show qos 706 qos delay sensitive service 707 set qos delay sensitive service 708 s...

Page 23: ...width selected services 716 qos rule 717 add qos rule 718 delete qos rule 721 delete qos rule 722 delete qos rule 723 set qos rule 724 set qos rule 725 set qos rule 728 show qos rule 731 show qos rule 732 show qos rule 733 show qos rules 734 radius server 735 delete radius server 736 set radius server 737 show radius server 738 show radius servers 739 reach my device 740 set reach my device 741 se...

Page 24: ...t settings 759 show report settings 760 show rule hits 761 show saved image 762 update security blades 763 security management 764 connect security management 765 set security management 766 set security management 767 set security management 768 show security management 769 serial port 770 set serial port 771 set serial port 772 set serial port 773 set serial port 774 set serial port nine pin 775...

Page 25: ...ice group 795 set service group 796 show service group 797 show service groups 798 service icmp 799 add service icmp 800 delete service icmp 801 set service icmp 802 show service icmp 803 add service protocol 804 service protocol 805 delete service protocol 806 set service protocol 807 show service protocol 809 show services protocol 810 set server server access 811 set server server nat settings ...

Page 26: ... default DNS_UDP 840 show service system default DNS_UDP 841 set service system default FTP 842 show service system default FTP 844 set service system default FTP firewall settings 845 show service system default FTP firewall settings 846 set service system default GRE 847 show service system default GRE 849 set service system default H323 850 show service system default H323 852 set service syste...

Page 27: ...1 show service system default NetShow 883 set service system default NNTP 884 show service system default NNTP 886 set service system default POP3 887 show service system default POP3 889 set service system default PPTP_TCP 890 show service system default PPTP_TCP 892 set service system default PPTP_TCP ips settings 893 show service system default PPTP_TCP ips settings 894 set service system defau...

Page 28: ...ystem default SQLNet 922 show service system default SQLNet 924 set service system default SSH 925 show service system default SSH 927 set service system default SSH ips settings 928 show service system default SSH ips settings 929 set service system default TELNET 930 show service system default TELNET 932 set service system default TFTP 933 show service system default TFTP 935 service tcp 936 ad...

Page 29: ...961 set snmp 962 set snmp 963 set snmp 964 set snmp 965 set snmp 966 set snmp 967 show snmp 968 show snmp 969 show snmp 970 show snmp 971 show snmp 972 show snmp 973 show snmp general all 974 snmp traps 975 set snmp traps 976 set snmp traps 977 set snmp traps 978 set snmp traps 979 show snmp traps 980 delete snmp traps receivers 981 show snmp traps receivers 982 show snmp traps enabled traps 983 s...

Page 30: ...ssl inspection exception 1000 set ssl inspection exception 1001 show ssl inspection exception 1003 show ssl inspection exceptions 1004 ssl inspection policy 1005 set ssl inspection policy 1006 set ssl inspection policy https categorization only mode 1008 set ssl inspection policy inspect https protocol 1009 set ssl inspection policy inspect imaps protocol 1010 show ssl inspection policy 1011 delet...

Page 31: ...ow switch 1035 show switches 1036 syslog server 1037 add syslog server 1038 add syslog server protocol tls 1039 delete syslog server 1040 delete syslog server 1041 delete syslog server 1042 set syslog server 1043 set syslog server 1044 set syslog server 1045 show syslog server 1046 show syslog server 1047 show syslog server 1048 show syslog server all 1049 system settings 1050 show system settings...

Page 32: ... set threat prevention anti virus engine 1070 show threat prevention anti virus engine 1071 add threat prevention anti virus file type 1072 delete threat prevention anti virus file type 1073 set threat prevention anti virus file type 1074 show threat prevention anti virus file type 1075 show threat prevention anti virus file types 1076 delete threat prevention anti virus file type custom 1077 set ...

Page 33: ...on 1107 add threat prevention ips network exception 1108 delete threat prevention ips network exception 1109 delete threat prevention ips network exception 1110 delete threat prevention ips network exception 1111 set threat prevention ips network exception 1112 set threat prevention ips network exception 1113 set threat prevention ips network exception 1115 show threat prevention ips network excep...

Page 34: ...evention threat emulation additional remote emulator 1140 show threat prevention threat emulation additional remote emulator 1141 set threat prevention threat emulation file types revert actions to default 1142 threat prevention threat emulation 1143 set threat prevention threat emulation file type 1144 show threat prevention threat emulation file type 1145 show threat prevention threat emulation ...

Page 35: ...eat prevention whitelist type url 1169 show threat prevention whitelist urls 1170 ui settings 1171 set ui settings 1172 set ui settings 1173 set ui settings 1174 show ui settings 1175 show ui settings 1176 show ui settings 1177 usb modem advanced 1178 add usb modem advanced 1179 delete usb modem advanced 1180 delete usb modem advanced all 1181 set usb modem advanced 1182 show usb modem advanced 11...

Page 36: ...d authentication 1204 set user awareness browser based authentication 1205 set user awareness browser based authentication 1206 show user awareness 1207 show user awareness 1208 show user awareness 1209 show user awareness browser based authentication 1210 set user management 1211 show upgrade log 1212 show used ad group bookmarks 1213 upgrade from usb or tftp server 1214 vpn 1215 vpn 1216 Managin...

Page 37: ...244 set vpn 1245 set vpn 1246 set vpn 1247 set vpn 1248 show vpn 1249 show vpn 1250 show vpn 1251 vpn remote access 1252 set vpn remote access 1253 set vpn remote access 1254 set vpn remote access 1255 set vpn remote access 1256 set vpn remote access 1257 set vpn remote access 1258 set vpn remote access 1259 set vpn remote access 1260 set vpn remote access 1261 set vpn remote access 1262 set vpn r...

Page 38: ...et vpn remote access 1278 set vpn remote access 1279 set vpn remote access 1280 set vpn remote access 1281 set vpn remote access 1282 set vpn remote access 1283 set vpn remote access 1284 set vpn remote access 1285 set vpn remote access 1286 set vpn remote access 1287 set vpn remote access 1288 show vpn remote access 1289 show vpn remote access 1290 show vpn remote access 1291 set vpn remote acces...

Page 39: ... 1317 set vpn site to site 1318 set vpn site to site 1319 set vpn site to site 1320 set vpn site to site 1321 set vpn site to site 1322 set vpn site to site 1323 set vpn site to site 1324 set vpn site to site 1325 set vpn site to site 1326 set vpn site to site 1327 set vpn site to site 1328 set vpn site to site 1329 set vpn site to site 1330 set vpn site to site 1331 set vpn site to site 1332 set ...

Page 40: ... 1347 shows vpn site to site 1348 show vpn site to site 1349 shows vpn site to site 1350 set vpn site to site enc dom manual 1351 set vpn site to site enc dom manual 1352 set vpn site to site enc dom manual 1353 set vpn site to site enc dom manual 1354 vpn tunnel 1355 show vpn tunnel 1356 show vpn tunnels 1357 wlan 1358 delete wlan 1359 set wlan 1360 set wlan 1361 set wlan 1362 set wlan 1363 set w...

Page 41: ...381 set wlan radio 1382 set wlan radio 1383 set wlan radio 1384 set wlan radio 1385 set wlan radio 1386 set wlan radio 1387 show wlan radio 1388 show wlan statistics 1389 wlan vaps 1390 add wlan vap 1391 delete wlan vaps 1392 set wlan vap wireless advanced settings protected mgmt frames 1393 set wlan vap 1394 show wlan vap wireless 1395 show wlan vaps 1396 show wlan vaps statistics 1397 zero touch...

Page 42: ...tion SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 42 Introduction This guide contains all relevant CLI commands for the Small and Medium Business SMB 1500 appliance models n 1530 n 1550 n 1570 n 1590 ...

Page 43: ... n You can enable login directly to expert mode To do this l Login to Expert mode using the Expert password l Run the command bashUser on l You will now always login directly to expert mode this mode is not deleted during reboot l To turn this mode off run the command bashUser off n SCP to the appliance is supported but you need to enable direct login to Expert mode Note that SFTP that is commonly...

Page 44: ...escription Text without brackets Items you must type as shown Text inside angle brackets Placeholder for which you must supply a value Text inside square brackets Optional items Vertical pipe Separator for mutually exclusive items choose one Text inside curly brackets Set of required items choose one Ellipsis Multiple values or parameters can be entered ...

Page 45: ... Description c Cmd Single command to execute f File File to load commands from v Verbose i Ignore cmd failure in batch mode and continue A Run as admin C List available commands h Help this message Note If the default shell in which you logged in was Gaia Clish and then you logged in to the Expert mode from it you cannot run the clish command from the Expert mode running clish expert clish command...

Page 46: ...80 20 05 CLI Reference Guide 46 Supported Linux Commands These standard Linux commands are also supported by the Check Point Small and Medium Business Appliance CLI n arp n netstat n nslookup n ping n resize n sleep n tcpdump n top n traceroute n uptime ...

Page 47: ...access rule type outgoing SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 47 access rule type outgoing Relevant commands for outgoing access rule ...

Page 48: ...ation negate application negate limit application download true limit limit false limit application upload true limit limit false Parameters Parameter Description action The action taken when there is a match on the rule Options block accept ask inform block inform application id Applications or web sites that are accepted or blocked application name Applications or web sites that are accepted or ...

Page 49: ... not log Log Create log Alert log with alert Account account rule Options none log alert account name name Type A string of alphanumeric characters without space between them position The order of the rule in comparison to other manual rules Type Decimal number position above The order of the rule in comparison to other manual rules Type Decimal number position below The order of the rule in compa...

Page 50: ... TEXT source negate true destination TEXT destination negate true service TEXT service negate true disabled true comment This is a comment hours range enabled true hours range from 23 20 hours range to 23 20 position 2 name word application name hasOne application negate true limit application download true limit 200 limit application upload true limit 5 ...

Page 51: ... rule position or rule name Syntax delete access rule type outgoing position position delete access rule type outgoing name name Parameters Parameter Description position The order of the rule in comparison to other manual rules Type Decimal number name name Type A string of alphanumeric characters without space between them Example delete access rule type outgoing position 2 delete access rule ty...

Page 52: ...cation download true limit limit false limit application upload true limit limit false set access rule type outgoing name name action action log log source source source negate source negate destination destination destination negate destination negate service service service negate service negate disabled disabled comment comment hours range enabled true hours range from hours range from hours ra...

Page 53: ...ype Boolean true false hours range enabled If true time is configured Type Boolean true false hours range from Time in the format HH MM Type A time format hh mm hours range to Time in the format HH MM Type A time format hh mm limit Applications traffic upload limit in kbps Type A number with no fractional part integer limit application download If true download is limited Type Boolean true false l...

Page 54: ...e Example set access rule type outgoing position 2 action block log none source TEXT source negate true destination TEXT destination negate true service TEXT service negate true disabled true comment This is a comment hours range enabled true hours range from 23 20 hours range to 23 20 position 2 name word application name hasOne application negate true limit application download true limit 100 li...

Page 55: ...g to name or position Syntax show access rule type outgoing name name show access rule type outgoing position position Parameters Parameter Description name name Type A string of alphanumeric characters without space between them position The order of a manual rule in comparison to other manual rules Type Decimal number Example show access rule type outgoing position 2 show access rule type outgoi...

Page 56: ... incoming internal and vpn SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 56 access rule type incoming internal and vpn Commands relevant for firewall access rule to the incoming internal VPN traffic Rule Base ...

Page 57: ...osition position position above position above position below position below name name vpn vpn Parameters Parameter Description action The action taken when there is a match on the rule Options block accept ask inform block inform comment Description of the rule Type A string that contains less than 257 characters of this set 0 9 a z or destination Network object that is the target of the connecti...

Page 58: ...Type Decimal number service The network service object that the rule should match to service negate If true the service is everything except what is defined in the service field Type Boolean true false source Network object or user group that initiates the connection source negate If true the source is all traffic except what is defined in the source field Type Boolean true false vpn Indicates if ...

Page 59: ... rule position Syntax delete access rule type incoming internal and vpn name name delete access rule type incoming internal and vpn position position Parameters Parameter Description name Name Type A string of alphanumeric characters without space between them position The order of the rule in comparison to other manual rules Type Decimal number Example delete access rule type incoming internal an...

Page 60: ...cess rule type incoming internal and vpn name name action action log log source source source negate source negate destination destination destination negate destination negate service service service negate service negate disabled disabled comment comment hours range enabled true hours range from hours range from hours range to hours range to false position position position above position above ...

Page 61: ...es Type Decimal number position below The order of the rule in comparison to other manual rules Type Decimal number service The network service object that the rule should match to service negate If true the service is everything except what is defined in the service field Type Boolean true false source Network object or user group that initiates the connection source negate If true the source is ...

Page 62: ...ess rule type incoming internal and vpn name word action block log none source TEXT source negate true destination TEXT destination negate true service TEXT service negate true disabled true comment This is a comment hours range enabled true hours range from 23 20 hours range to 23 20 position 2 name word vpn true ...

Page 63: ...or name Syntax show access rule type incoming internal and vpn position position show access rule type incoming internal and vpn name name Parameters Parameter Description position The order of a manual rule in comparison to other manual rules Type Decimal number name name Type A string of alphanumeric characters without space between them Example show access rule type incoming internal and vpn po...

Page 64: ...additional hw settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 64 additional hw settings Relevant commands for additional hardware settings ...

Page 65: ...yntax set additional hw settings reset timeout reset timeout Parameters Parameter Description reset timeout Indicates the amount of time in seconds that you need to press and hold the factory defaults button on the back panel to restore to the factory defaults image Type A number with no fractional part integer Example set additional hw settings reset timeout 15 ...

Page 66: ... Appliance Series R80 20 05 CLI Reference Guide 66 show additional hw settings Description Shows advanced hardware related setings Syntax show additional hw settings Parameters Parameter Description n a Example show additional hw settings ...

Page 67: ...additional management settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 67 additional management settings Commands relevant for additional management settings ...

Page 68: ...ngs advanced settings install temporary policy to storage advanced settings install temporary policy to storage Parameters Parameter Description advanced settings install temporary policy to storage Indicates whether the temporary policy installation files will be saved to the storage partition Type Boolean true false Example set additional management settings advanced settings install temporary p...

Page 69: ...80 20 05 CLI Reference Guide 69 show additional management settings Description Show the additional management settings that were configured Syntax show additional management settings Parameters Parameter Description n a Example show additional management settings ...

Page 70: ...ad server SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 70 ad server Relevant commands for ad server ...

Page 71: ...nch of the domain to be used Type An LDAP DN domain Domain name Type Host name ipv4 address Domain controller IP address password The user s password Type A string that contains alphanumeric and special characters use branch path Select only if you want to use only part of the user database defined in the Active Directory Type Boolean true false user dn FQDN of the user Type An LDAP DN username A ...

Page 72: ...80 20 05 CLI Reference Guide 72 delete ad server Description Deletes an existing Active Directory server object Syntax delete ad server domain Parameters Parameter Description domain Domain name Type Host name Example delete ad server myHost com ...

Page 73: ...he branch of the domain to be used Type An LDAP DN domain Domain name Type Host name ipv4 address Domain controller IP address password The user s password Type A string that contains alphanumeric and special characters use branch path Select only if you want to use only part of the user database defined in the Active Directory Type Boolean true false user dn FQDN of the user Type An LDAP DN usern...

Page 74: ...20 05 CLI Reference Guide 74 show ad server Description Shows settings of a configured Active Directory server object Syntax show ad server domain Parameters Parameter Description domain Domain name Type Host name Example show ad server myHost com ...

Page 75: ...B 1500 Appliance Series R80 20 05 CLI Reference Guide 75 show ad servers Description Shows settings of all configured AD server objects Syntax show ad servers Parameters Parameter Description n a Example show ad servers ...

Page 76: ...address range SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 76 address range Relevant commands for address range ...

Page 77: ...nd ipv4 dhcp exclude ip addr dhcp exclude ip addr Parameters Parameter Description dhcp exclude ip addr Indicates if the object s IP address es is excluded from internal DHCP daemon Options on off end ipv4 The end of the IP range name Network Object name Type String start ipv4 The beginning of the IP range Example add address range name TEXT start ipv4 192 168 1 1 end ipv4 192 168 1 1 dhcp exclude...

Page 78: ...es R80 20 05 CLI Reference Guide 78 delete address range Description Deletes an existing address range object Syntax delete address range name Parameters Parameter Description name Network Object name Type String Example delete address range TEXT ...

Page 79: ...ipv4 end ipv4 dhcp exclude ip addr dhcp exclude ip addr Parameters Parameter Description dhcp exclude ip addr Indicates if the object s IP address es is excluded from internal DHCP daemon Options on off end ipv4 The end of the IP range name Network Object name Type String start ipv4 The beginning of the IP range Example set address range TEXT name TEXT start ipv4 192 168 1 1 end ipv4 192 168 1 1 d...

Page 80: ...0 20 05 CLI Reference Guide 80 show address range Description Shows settings of a configured IP address range object Syntax show address range name Parameters Parameter Description name Network Object name Type String Example show address range TEXT ...

Page 81: ...Appliance Series R80 20 05 CLI Reference Guide 81 show address ranges Description Shows settings of all configured IP address range objects Syntax show address ranges Parameters Parameter Description n a Example show address ranges ...

Page 82: ...admin access SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 82 admin access Relevant commands for admin access ...

Page 83: ...iance Syntax add admin access ipv4 address single ipv4 address network ipv4 address ip_addr subnet mask netmask mask length mask_length Parameters Parameter Description ip_addr IPv4 address mask_length Interface mask length a value between 1 32 netmask Interface IPv4 address subnet mask Return Value 0 on success 1 on failure Example add admin access ipv4 address network ipv4 address 1 1 1 1 subnet...

Page 84: ...Boolean true false allowed ipv4 addresses Administrator access permissions policy for source IP addresses Options any from ip list any except internet ssh access port SSH Port Type Port number support weak tls version For security reasons it is highly recommended never to change this parameter s value Support of TLSv1 0 will be added back to the administration portal to allow connectivity with old...

Page 85: ...500 Appliance Series R80 20 05 CLI Reference Guide 85 show admin access Description Shows settings of administrator access configuration Syntax show admin access Parameters Parameter Description n a Example show admin access ...

Page 86: ...admin access ip addresses SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 86 admin access ip addresses Relevant commands for admin access IP addresses ...

Page 87: ...Reference Guide 87 show admin access ip addresses Description Show all the configured IP addresses that are permitted for administrator access to the appliance Syntax show admin access ip addresses Parameters Parameter Description n a Example show admin access ip addresses ...

Page 88: ...R80 20 05 CLI Reference Guide 88 delete admin access ip address all Description Delete all the reserved IP addresses for administrator access Syntax delete admin access ip address all Parameters Parameter Description n a Example delete admin access ip address all ...

Page 89: ...admin access ipv4 address SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 89 admin access ipv4 address Relevant commands for admin access IPv4 addresses ...

Page 90: ...00 Appliance Series R80 20 05 CLI Reference Guide 90 add admin access ipv4 address Adds a specific IPv4 address or an IPv4 address network and mask from which the administrator can remotely access the appliance according to configuration ...

Page 91: ... specific IPv4 address from which the administrator can remotely access the appliance according to configuration Syntax add admin access ipv4 address single ipv4 address single ipv4 address Parameters Parameter Description single ipv4 address IP address Type IP address Example add admin access ipv4 address single ipv4 address 192 168 1 1 ...

Page 92: ...ding to configuration Syntax add admin access ipv4 address network ipv4 address network ipv4 address subnet mask subnet mask mask length mask length Parameters Parameter Description mask length Subnet mask length Type A string that contains numbers only network ipv4 address IP address Type IP address subnet mask Subnet mask Type Subnet mask Example add admin access ipv4 address network ipv4 addres...

Page 93: ...ion Deletes a specific IPv4 address or an IPv4 network and subnet from which the administrator can remotely access the appliance according to configuration Syntax delete admin access ipv4 address ipv4 address Parameters Parameter Description ipv4 address IP address Type IP address Example delete admin access ipv4 address 192 168 1 1 ...

Page 94: ...nce Series R80 20 05 CLI Reference Guide 94 show admin access ipv4 addresses Description Shows allowed IP addresses for admin access Syntax show admin access ipv4 addresses Parameters Parameter Description n a Example show admin access ipv4 addresses ...

Page 95: ...lete admin access ipv4 address all Description Deletes all configured IPv4 addresses from which the administrator can remotely access the appliance according to configuration Syntax delete admin access ipv4 address all Parameters Parameter Description n a Example delete admin access ipv4 address all ...

Page 96: ...administrator SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 96 administrator Relevant commands for admininstrators ...

Page 97: ...word hash permission permission Parameters Parameter Description password hash Virtual field used for calculating a hashed password Type An encrypted password permission The administrator role and permissions Options read write readonly networking username Indicates the administrator user name Type A string that contains A Z 0 9 and _ characters Example add administrator username admin password ha...

Page 98: ...es an existing defined administrator The system will not allow deletion of the last administrator Syntax delete administrator username username Parameters Parameter Description username Indicates the administrator user name Type A string that contains A Z 0 9 and _ characters Example delete administrator username admin ...

Page 99: ...set administrator SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 99 set administrator Configures an existing user with administrator privileges ...

Page 100: ...dministrator You will be prompted to add a new password following this command this command cannot be used in a script Syntax set administrator username username password Parameters Parameter Description username Indicates the administrator user name Type A string that contains A Z 0 9 and _ characters Example set administrator username admin password ...

Page 101: ...rmission password hash password hash Parameters Parameter Description password hash Virtual field used for calculating a hashed password Type An encrypted password permission The administrator role and permissions Options read write readonly networking username Indicates the administrator user name Type A string that contains A Z 0 9 and _ characters Example set administrator username admin permis...

Page 102: ...set administrators SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 102 set administrators Configure users with administrator privileges through a RADIUS server ...

Page 103: ... Parameters Parameter Description permission Administrators role Options read write readonly networking radius auth Administrators RADIUS authentication Type Boolean true false radius groups RADIUS groups for authentication Example RADIUS group1 RADIUS class2 Type A string that contains A Z 0 9 _ and space characters use radius groups Use RADIUS groups for authentication Type Boolean true false Ex...

Page 104: ...r Description Shows settings of an existing user with administrator privileges Syntax show administrator username username Parameters Parameter Description username Indicates the administrator user name Type A string that contains A Z 0 9 and _ characters Example show administrator username admin ...

Page 105: ...show administrators SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 105 show administrators Shows settings of all users with administrator privileges ...

Page 106: ...ppliance Series R80 20 05 CLI Reference Guide 106 show administrators Description Shows settings of all users with administrator privileges Syntax show administrators Parameters Parameter Description n a Example show administrators ...

Page 107: ... 05 CLI Reference Guide 107 show administrators Description Shows advanced settings of all users with administrator privileges Syntax show administrators advanced settings Parameters Parameter Description n a Example show administrators advanced settings ...

Page 108: ...administrators radius auth SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 108 administrators radius auth Relevant commands for administrator radius authentication ...

Page 109: ...uide 109 set administrators radius auth Description Configure the administrator role on the RADIUS Syntax set administrators radius auth enable disable use radius roles true false Parameters Parameter Description n a Example set administrators radius auth enable use radius roles true ...

Page 110: ...ers text Syntax set administrators radius auth enable disable use radius roles false permission readonly read write networking use radius groups group_ name Parameters Parameter Description admin role n Read Only n Read Write n Networking group_name The name of the radius group Example set administrators radius auth enable use radius roles false permission networking use radius groups group_name ...

Page 111: ...0 20 05 CLI Reference Guide 111 show administrators radius auth Description Shows RADIUS related settings for users with administrator privileges Syntax show administrators radius auth Parameters Parameter Description n a Example show administrators radius auth ...

Page 112: ...stomize roles true roles conf roles conf false Parameters Parameter Description customize roles Customize administrators roles permissions Type Boolean true false roles conf The configuration of administrator roles in base64 format To get the right configuration contact Check Point Support Type base64 Example set administrators roles settings customize roles true roles conf base64 show administrat...

Page 113: ...show administrators radius auth SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 113 Parameters Parameter Description n a Example show administrators roles settings ...

Page 114: ...administrator session settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 114 administrator session settings Relevant commands for administrator session settings ...

Page 115: ...rt integer lock period Once locked out the administrator will be unable to login for this long Type A number with no fractional part integer lockout enable Limit administrators login failure attempts Options on off max lockout attempts The maximum number of consecutive login failure attempts before the administrator is locked out Type A number with no fractional part integer password complexity le...

Page 116: ...0 20 05 CLI Reference Guide 116 show administrator session settings Description Shows session settings for users with administrator privileges Syntax show administrator session settings Parameters Parameter Description n a Example show administrator session settings ...

Page 117: ... 20 05 CLI Reference Guide 117 show adsl statistics Description Shows statistics regarding the DSL internet connection applicable on appliance models with DSL Syntax show adsl statistics Parameters Parameter Description n a Example show adsl statistics ...

Page 118: ...aggressive aging SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 118 aggressive aging Relevant commands for aggressive aging ...

Page 119: ... Reference Guide 119 set aggressive aging Configures aggressive aging feature s behavior Aggressive Aging is designed to optimize how the device is dealing with a large connection number by aggressively reducing the timeout of existing connections when necessary ...

Page 120: ...nable udp timeout enable general general log log connt limit high watermark pct connt limit high watermark pct connt mem high watermark pct connt mem high watermark pct memory conn status memory conn status Parameters Parameter Description connt limit high watermark pct Connection table percentage limit Type A number with no fractional part integer connt mem high watermark pct Memory consumption p...

Page 121: ...p end timeout TCP termination reduced timeout Type A number with no fractional part integer tcp end timeout enable Enable reduced timeout for TCP termination Type Boolean true false tcp start timeout TCP handshake reduced timeout Type A number with no fractional part integer tcp start timeout enable Enable reduced timeout for TCP handshake Type Boolean true false tcp timeout TCP session reduced ti...

Page 122: ... other timeout enable true pending timeout 30 pending timeout enable true tcp end timeout 3600 tcp end timeout enable true tcp start timeout 3600 tcp start timeout enable true tcp timeout 3600 tcp timeout enable true udp timeout 3600 udp timeout enable true general true log log connt limit high watermark pct 80 connt mem high watermark pct 80 memory conn status both ...

Page 123: ...able log log connt mem high watermark pct connt mem high watermark pct tcp end timeout enable tcp end timeout enable icmp timeout icmp timeout tcp end timeout tcp end timeout memory conn status memory conn status pending timeout pending timeout other timeout other timeout Parameters Parameter Description n a Example set aggressive aging advanced settings connections other timeout enable true connt...

Page 124: ...show aggressive aging SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 124 show aggressive aging Shows aggressive aging settings ...

Page 125: ... SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 125 show aggressive aging Description Shows aggressive aging settings Syntax show aggressive aging Parameters Parameter Description n a Example show aggressive aging ...

Page 126: ...ries R80 20 05 CLI Reference Guide 126 show aggressive aging Description Shows aggressive aging advanced settings Syntax show aggressive aging advanced settings Parameters Parameter Description n a Example show aggressive aging advanced settings ...

Page 127: ...antispam SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 127 antispam Relevant commands for Anti Spam Software Blade and settings ...

Page 128: ...set antispam SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 128 set antispam Configures policy for Anti Spam blade ...

Page 129: ...ag subject Options block flag header flag subject action suspected spam email content Action to be used upon suspected spam detection in email content block flag header flag subject Options block flag header flag subject detect mode Detect Only mode on off Type Boolean true false detection method Type of spam detection Either Sender s IP address or both Sender s IP address and content based detect...

Page 130: ...ls Type Boolean true false suspected spam log Tracking options for suspected spam emails log alert or none Options none log alert Example set antispam mode on detection method email content log none action spam email content block flag subject stamp several words detect mode true specify suspected spam settings true suspected spam log none action suspected spam email content block flag suspected s...

Page 131: ...nce Guide 131 set antispam Description Configures advanced setting for the Anti Spam blade Syntax set antispam advanced settings ip rep fail open ip rep fail open Parameters Parameter Description n a Example set antispam advanced settings ip rep fail open true ...

Page 132: ...rence Guide 132 set antispam Description Configures advanced setting for the Anti Spam blade Syntax set antispam advanced settings email size scan email size scan Parameters Parameter Description n a Example set antispam advanced settings email size scan 1024 ...

Page 133: ...eference Guide 133 set antispam Description Configures advanced setting for the Anti Spam blade Syntax set antispam advanced settings scan outgoing scan outgoing Parameters Parameter Description n a Example set antispam advanced settings scan outgoing true ...

Page 134: ... Guide 134 set antispam Description Configures advanced setting for the Anti Spam blade Syntax set antispam advanced settings spam engine timeout spam engine timeout Parameters Parameter Description n a Example set antispam advanced settings spam engine timeout 15 ...

Page 135: ...nce Guide 135 set antispam Description Configures advanced setting for the Anti Spam blade Syntax set antispam advanced settings allow mail track allow mail track Parameters Parameter Description n a Example set antispam advanced settings allow mail track none ...

Page 136: ...ce Guide 136 set antispam Description Configures advanced setting for the Anti Spam blade Syntax set antispam advanced settings transparent proxy transparent proxy Parameters Parameter Description n a Example set antispam advanced settings transparent proxy true ...

Page 137: ...ference Guide 137 set antispam Description Configures advanced setting for the Anti Spam blade Syntax set antispam advanced settings ip rep timeout ip rep timeout Parameters Parameter Description n a Example set antispam advanced settings ip rep timeout 15 ...

Page 138: ...et antispam Description Configures advanced setting for the Anti Spam blade Syntax set antispam advanced settings spam engine all mail track spam engine all mail track Parameters Parameter Description n a Example set antispam advanced settings spam engine all mail track none ...

Page 139: ...show antispam SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 139 show antispam Shows the configured policy for the Anti Spam blade ...

Page 140: ...MB 1500 Appliance Series R80 20 05 CLI Reference Guide 140 show antispam Description Shows the configured policy for the Anti Spam blade Syntax show antispam Parameters Parameter Description n a Example show antispam ...

Page 141: ...0 05 CLI Reference Guide 141 show antispam Description Shows the advanced settings in the configured policy for the Anti Spam blade Syntax show antispam advanced settings Parameters Parameter Description n a Example show antispam advanced settings ...

Page 142: ...antispam allowed sender SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 142 antispam allowed sender ...

Page 143: ...add antispam allowed sender SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 143 add antispam allowed sender Adds a new Anti Spam allow exception ...

Page 144: ...ispam allowed sender Description Adds a new Anti Spam allow exception for a specific IP address Syntax add antispam allowed sender ipv4 addr ipv4 addr Parameters Parameter Description ipv4 addr Anti Spam allowed IP address Type IP address Example add antispam allowed sender ipv4 addr 192 168 1 1 ...

Page 145: ...tion Adds a new Anti Spam allow exception for a sender email or domain Syntax add antispam allowed sender sender or domain sender or domain Parameters Parameter Description sender or domain Anti Spam allowed domain or sender Type A domain or email address Example add antispam allowed sender sender or domain myEmail mail com ...

Page 146: ...delete antispam allowed sender SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 146 delete antispam allowed sender Deletes an existing Anti Spam allow exception ...

Page 147: ...eries R80 20 05 CLI Reference Guide 147 delete antispam allowed sender Description Deletes all existing Anti Spam allow exceptions Syntax delete antispam allowed sender all Parameters Parameter Description n a Example delete antispam allowed sender all ...

Page 148: ...letes an existing Anti Spam allow exception for sender s email or domain Syntax delete antispam allowed sender sender or domain sender or domain Parameters Parameter Description sender or domain Anti Spam allowed domain or sender Type A domain name or email address Example delete antispam allowed sender sender or domain myEmail mail com ...

Page 149: ... allowed sender Description Deletes an existing Anti Spam allow exception for a specific IPv4 address Syntax delete antispam allowed sender ipv4 addr ipv4 addr Parameters Parameter Description ipv4 addr Anti Spam allowed IP address Type IP address Example delete antispam allowed sender ipv4 addr 192 168 1 1 ...

Page 150: ...e Series R80 20 05 CLI Reference Guide 150 show antispam allowed senders Description Shows the allowed exceptions for the Anti Spam blade Syntax show antispam allowed senders Parameters Parameter Description n a Example show antispam allowed senders ...

Page 151: ...antispam blocked sender SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 151 antispam blocked sender ...

Page 152: ...add antispam blocked sender SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 152 add antispam blocked sender Adds a new Anti Spam block exception ...

Page 153: ...ispam blocked sender Description Adds a new Anti Spam block exception for a specific IP address Syntax add antispam blocked sender ipv4 addr ipv4 addr Parameters Parameter Description ipv4 addr Anti Spam blocked IP address Type IP address Example add antispam blocked sender ipv4 addr 192 168 1 1 ...

Page 154: ...n Adds a new Anti Spam block exception for a sender email or domain Syntax add antispam blocked sender sender or domain sender or domain Parameters Parameter Description sender or domain Anti Spam blocked domain or sender Type A domain name or email address Example add antispam blocked sender sender or domain myEmail mail com ...

Page 155: ...delete antispam blocked sender SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 155 delete antispam blocked sender Deletes an existing Anti Spam block exception ...

Page 156: ...eries R80 20 05 CLI Reference Guide 156 delete antispam blocked sender Description Deletes all existing Anti Spam block exceptions Syntax delete antispam blocked sender all Parameters Parameter Description n a Example delete antispam blocked sender all ...

Page 157: ...letes an existing Anti Spam block exception for sender s email or domain Syntax delete antispam blocked sender sender or domain sender or domain Parameters Parameter Description sender or domain Anti Spam blocked domain or sender Type A domain name or email address Example delete antispam blocked sender sender or domain myEmail mail com ...

Page 158: ... blocked sender Description Deletes an existing Anti Spam block exception for a specific IPv4 address Syntax delete antispam blocked sender ipv4 addr ipv4 addr Parameters Parameter Description ipv4 addr Anti Spam blocked IP address Type IP address Example delete antispam blocked sender ipv4 addr 192 168 1 1 ...

Page 159: ...e Series R80 20 05 CLI Reference Guide 159 show antispam blocked senders Description Shows the blocked exceptions for the Anti Spam blade Syntax show antispam blocked senders Parameters Parameter Description n a Example show antispam blocked senders ...

Page 160: ...application SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 160 application Relevant commands for application ...

Page 161: ...add application SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 161 add application Adds a new custom application object string or regular expression signature over URL ...

Page 162: ...tion url application url Parameters Parameter Description application name Application name Type URL application url Contains the URLs related to this application category The primary category for the application the category which is the most relevant regex url Indicates if regular expressions are used instead of partial strings Type Boolean true false Example add application application name htt...

Page 163: ...e 163 add application Description Simplified method for adding a new custom application object string over URL Syntax add application url application url Parameters Parameter Description application url Application URL Example add application url http somehost example com ...

Page 164: ...delete application SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 164 delete application Deletes an existing custom application object string or regular expression signature over URL ...

Page 165: ...escription Deletes an existing custom application object by application ID Syntax delete application application id application id Parameters Parameter Description application id The ID of the application Type A number with no fractional part integer Example delete application application id 1000000 ...

Page 166: ...ication Description Deletes an existing custom application object by application name Syntax delete application application name application name Parameters Parameter Description application name Application name Type URL Example delete application application name http somehost example com ...

Page 167: ...167 find application Description Find an application by name or partial string to view further details regarding it Syntax find application application name Parameters Parameter Description application name Application or group name Type String Example find application TEXT ...

Page 168: ...set application SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 168 set application Configures an existing custom application object ...

Page 169: ... to an existing custom application object by name Syntax set application application name application name add url url Parameters Parameter Description application name Application name Type URL url Application URL Example set application application name http somehost example com add url http somehost example com ...

Page 170: ...rom an existing custom application object by name Syntax set application application name application name remove url url Parameters Parameter Description application name Application name Type URL url Application URL Example set application application name http somehost example com remove url http somehost example com ...

Page 171: ...isting custom application object by ID Syntax set application application id application id add url url Parameters Parameter Description application id The ID of the application Type A number with no fractional part integer url Application URL Example set application application id 12345678 add url http somehost example com ...

Page 172: ...sting custom application object by ID Syntax set application application id application id remove url url Parameters Parameter Description application id The ID of the application Type A number with no fractional part integer url Application URL Example set application application id 12345678 remove url http somehost example com ...

Page 173: ...gory to an existing custom application object by name Syntax set application application name application name add category category Parameters Parameter Description application name Application name Type URL category Category name Example set application application name http somehost example com add category TEXT ...

Page 174: ...ry from an existing custom application object by name Syntax set application application name application name remove category category Parameters Parameter Description application name Application name Type URL category Category name Example set application application name http somehost example com remove category TEXT ...

Page 175: ...n existing custom application object by ID Syntax set application application id application id add category category Parameters Parameter Description application id The ID of the application Type A number with no fractional part integer category Category name Example set application application id 12345678 add category TEXT ...

Page 176: ... existing custom application object by ID Syntax set application application id application id remove category category Parameters Parameter Description application id The ID of the application Type A number with no fractional part integer category Category name Example set application application id 12345678 remove category TEXT ...

Page 177: ...ategory regex url regex url Parameters Parameter Description application id The ID of the application Type A number with no fractional part integer category The primary category for the application the category which is the most relevant regex url Indicates if regular expressions are used instead of partial strings Type Boolean true false Example set application application id 12345678 category TE...

Page 178: ...name category category regex url regex url Parameters Parameter Description application name Application name Type URL category The primary category for the application the category which is the most relevant regex url Indicates if regular expressions are used instead of partial strings Type Boolean true false Example set application application name http somehost example com category TEXT regex u...

Page 179: ...show application SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 179 show application Shows details for a specific application in the Application Control database ...

Page 180: ...cription Shows details for a specific application in the Application Control database by application name Syntax show application application name application name Parameters Parameter Description application name Application or group name Type String Example show application application name TEXT ...

Page 181: ...ls for a specific application in the Application Control database by application ID Syntax show application application id application id Parameters Parameter Description application id The ID of the application or the group Type A number with no fractional part integer Example show application application id 12345678 ...

Page 182: ...ons SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 182 show applications Description Shows details of all applications Syntax show applications Parameters Parameter Description n a Example show applications ...

Page 183: ...application control SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 183 application control ...

Page 184: ...orrents and peer to peer applications Type Boolean true false block inappropriate content Control content by blocking Internet access to websites with inappropriate content such as sex violence weapons gambling and alcohol Type Boolean true false block other undesired applications Manually add and block applications or categories of URLs to a group of undesired applications Type Boolean true false...

Page 185: ...ber with no fractional part integer url flitering only Indicates if enable URL Filtering and detection only mode is enabled Type Boolean true false Example set application control mode true url flitering only true block security categories true block inappropriate content true block other undesired applications true block file sharing applications true limit bandwidth true limit upload true set li...

Page 186: ...e Series R80 20 05 CLI Reference Guide 186 show application control Description Shows the configured policy for the Application Control blade Syntax show application control Parameters Parameter Description n a Example show application control ...

Page 187: ... undesired applications Description Shows the content of the custom Other Undesired Applications group This group can be chosen to be blocked by default by the Application Control policy Syntax show application control other undesired applications Parameters Parameter Description n a Example show application control other undesired applications ...

Page 188: ...application control engine settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 188 application control engine settings ...

Page 189: ...et application control engine settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 189 set application control engine settings Configures Application Control blade s advanced engine settings ...

Page 190: ... control engine settings Description Configures Application Control blade s advanced engine settings Syntax set application control engine settings advanced settings fail mode fail mode Parameters Parameter Description n a Example set application control engine settings advanced settings fail mode allow all requests ...

Page 191: ...res Application Control blade s advanced engine settings Syntax set application control engine settings advanced settings block requests when web service unavailable block requests when web service unavailable Parameters Parameter Description n a Example set application control engine settings advanced settings block requests when web service unavailable true ...

Page 192: ... engine settings Description Configures Application Control blade s advanced engine settings Syntax set application control engine settings advanced settings enforce safe search enforce safe search Parameters Parameter Description n a Example set application control engine settings advanced settings enforce safe search true ...

Page 193: ...Description Configures Application Control blade s advanced engine settings Syntax set application control engine settings advanced settings web site categorization mode web site categorization mode Parameters Parameter Description n a Example set application control engine settings advanced settings web site categorization mode background ...

Page 194: ...rol engine settings Description Configures Application Control blade s advanced engine settings Syntax set application control engine settings advanced settings track browse time track browse time Parameters Parameter Description n a Example set application control engine settings advanced settings track browse time true ...

Page 195: ...gs Description Configures Application Control blade s advanced engine settings Syntax set application control engine settings advanced settings http referrer identification http referrer identification Parameters Parameter Description n a Example set application control engine settings advanced settings http referrer identification true ...

Page 196: ...Configures Application Control blade s advanced engine settings Syntax set application control engine settings advanced settings categorize cached and translated pages categorize cached and translated pages Parameters Parameter Description n a Example set application control engine settings advanced settings categorize cached and translated pages true ...

Page 197: ...e Guide 197 show application control engine settings Description Shows advanced settings of the Application Control blade Syntax show application control engine settings advanced settings Parameters Parameter Description n a Example show application control engine settings advanced settings ...

Page 198: ...application group SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 198 application group ...

Page 199: ... Description Adds a new group object for applications Syntax add application group name name Parameters Parameter Description name Application group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example add application group name users ...

Page 200: ...delete application group SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 200 delete application group Deletes an existing group object of applications ...

Page 201: ...eletes an existing group object of applications by group object name Syntax delete application group name name Parameters Parameter Description name Application group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example delete application group name users ...

Page 202: ...s an existing group object of applications by group object ID Syntax delete application group application group id application group id Parameters Parameter Description application group id The ID of the application group Type A number with no fractional part integer Example delete application group application group id 12345678 ...

Page 203: ...set application group SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 203 set application group Configures an existing application group object ...

Page 204: ... application s name Syntax set application group name name add application name application name Parameters Parameter Description application name Application or group name name Application group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set application group name users add application name hasMany ...

Page 205: ...application s name Syntax set application group name name remove application name application name Parameters Parameter Description application name Application or group name name Application group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set application group name users remove application name hasMany ...

Page 206: ...pplication s ID Syntax set application group name name add application id application id Parameters Parameter Description application id The ID of the application or the group name Application group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set application group name users add application id hasMany ...

Page 207: ...pplication s ID Syntax set application group name name remove application id application id Parameters Parameter Description application id The ID of the application or the group name Application group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set application group name users remove application id hasMany ...

Page 208: ...e using group object s ID Syntax set application group application group id application group id add application name application name Parameters Parameter Description application group id The ID of the application group Type A number with no fractional part integer application name Application or group name Example set application group application group id 12345678 add application name hasMany ...

Page 209: ... using group object s ID Syntax set application group application group id application group id remove application name application name Parameters Parameter Description application group id The ID of the application group Type A number with no fractional part integer application name Application or group name Example set application group application group id 12345678 remove application name hasM...

Page 210: ...ing group object s ID Syntax set application group application group id application group id add application id application id Parameters Parameter Description application group id The ID of the application group Type A number with no fractional part integer application id The ID of the application or the group Example set application group application group id 12345678 add application id hasMany ...

Page 211: ...ing group object s ID Syntax set application group application group id application group id remove application id application id Parameters Parameter Description application group id The ID of the application group Type A number with no fractional part integer application id The ID of the application or the group Example set application group application group id 12345678 remove application id ha...

Page 212: ...show application group SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 212 show application group shows the configuration of the Application group objects ...

Page 213: ...he configuration of a specific application group object by ID Syntax show application group application group id application group id Parameters Parameter Description application group id The ID of the application group Type A number with no fractional part integer Example show application group application group id 12345678 ...

Page 214: ...ows the configuration of a specific application group object by name Syntax show application group name name Parameters Parameter Description name Application group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example show application group name users ...

Page 215: ... Series R80 20 05 CLI Reference Guide 215 show application groups Description Shows the configuration of all specific application group objects Syntax show application groups Parameters Parameter Description n a Example show application groups ...

Page 216: ...antispoofing SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 216 antispoofing ...

Page 217: ...7 set antispoofing Description Configures the activation of the IP address Anti Spoofing feature Syntax set antispoofing advanced settings global activation global activation Parameters Parameter Description n a Example set antispoofing advanced settings global activation true ...

Page 218: ...0 05 CLI Reference Guide 218 show antispoofing Description Shows the configuration for IP addresses Anti Spoofing functionality Syntax show antispoofing advanced settings Parameters Parameter Description n a Example show antispoofing advanced settings ...

Page 219: ...tftp server serverIP filename filename file encryption off on password pass backup policy on off add comment comment Parameters Parameter Description comment Comment that is added to the file filename Name of the backup file pass Password for the file Alphanumeric and special characters are allowed serverIP IPv4 address of the TFTP server Return Value 0 on success 1 on failure Example backup setti...

Page 220: ... of previous backup settings operations Syntax show backup settings log info from tftp server server filename file from usb filename file Parameters Parameter Description server IP address or host name of the TFTP server file Name of backup file Example show backup settings log show backup settings info from usb filename backup Output Success shows backup settings information Failure shows an appr...

Page 221: ...blade update schedule SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 221 blade update schedule ...

Page 222: ...set blade update schedule SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 222 set blade update schedule Configures schedule for Software Blade updates ...

Page 223: ...ekly this is the weekday in which it occurs Options sunday monday tuesday wednesday thursday friday saturday hour interval If the update occurs hourly this indicates the hour interval between each update Type A number with no fractional part integer recurrence The recurrence of the updates hourly daily weekly or monthly Type Press TAB to see available options schedule anti bot Indicates if Anti Bo...

Page 224: ...ference Guide 224 Parameter Description time The hour of the update Format HH MM in 24 hour clock Type A time format hh mm Example set blade update schedule schedule ips true schedule anti bot true schedule anti virus true schedule appi true recurrence daily time 23 20 ...

Page 225: ... blade update schedule Description Configures advanced settings for Software Blade updates Syntax set blade update schedule advanced settings max num of retries max num of retries Parameters Parameter Description n a Example set blade update schedule advanced settings max num of retries 10 ...

Page 226: ...blade update schedule Description Configures advanced settings for Software Blade updates Syntax set blade update schedule advanced settings timeout until retry timeout until retry Parameters Parameter Description n a Example set blade update schedule advanced settings timeout until retry 10 ...

Page 227: ...show blade update schedule SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 227 show blade update schedule Shows the configuration of Software Blade updates schedule ...

Page 228: ...e Series R80 20 05 CLI Reference Guide 228 show blade update schedule Description Shows the configuration of Software Blade updates schedule Syntax show blade update schedule Parameters Parameter Description n a Example show blade update schedule ...

Page 229: ... CLI Reference Guide 229 show blade update schedule Description Shows advanced settings of Software Blade updates schedule Syntax show blade update schedule advanced settings Parameters Parameter Description n a Example show blade update schedule advanced settings ...

Page 230: ...bookmark SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 230 bookmark ...

Page 231: ...257 characters of this set 0 9 a z or password The password for remote desktop connection Type A string that contains alphanumeric and special characters screen height The height of the screen when the bookmark is remote desktop Type A number with no fractional part integer screen width The width of the screen when the bookmark is remote desktop Type A number with no fractional part integer toolti...

Page 232: ...iance Series R80 20 05 CLI Reference Guide 232 Example add bookmark label myLabel url http www checkpoint com tooltip This is a comment type link is global true user name admin password a 7Ba screen width 1920 screen height 1080 ...

Page 233: ...delete bookmark SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 233 delete bookmark Deletes an existing bookmark link that appears in the SNX VPN remote access landing page ...

Page 234: ...cription Deletes an existing bookmark link by label Syntax delete bookmark label label Parameters Parameter Description label Text for the bookmark in the SSL Network Extender portal Type A string that contains less than 257 characters of this set 0 9 a z or Example delete bookmark label myLabel ...

Page 235: ... SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 235 delete bookmark Description Deletes all existing bookmark links Syntax delete bookmark all Parameters Parameter Description n a Example delete bookmark all ...

Page 236: ...his set 0 9 a z or new label Text for the bookmark in the SSL Network Extender portal Type A string that contains less than 257 characters of this set 0 9 a z or password The password for remote desktop connection Type A string that contains alphanumeric and special characters screen height The height of the screen when the bookmark is remote desktop Type A number with no fractional part integer s...

Page 237: ...he user name for remote desktop connection Type A string that contains 0 9 a z up to 64 characters without spaces Example set bookmark label myLabel new label myNewLabel url http www checkpoint com tooltip myToolTip type link is global true user name admin password a 7Ba screen width 1920 screen height 1080 ...

Page 238: ...kmark defined to be shown to users when connecting to the SNX portal using remote access VPN Syntax show bookmark label label Parameters Parameter Description label Text for the bookmark in the SSL Network Extender portal Type A string that contains less than 257 characters of this set 0 9 a z or Example show bookmark label myLabel ...

Page 239: ... 20 05 CLI Reference Guide 239 show bookmarks Description Shows all bookmarks defined to be shown to users when connecting to the SNX portal using remote access VPN Syntax show bookmarks Parameters Parameter Description n a Example show bookmarks ...

Page 240: ...bridge SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 240 bridge ...

Page 241: ...ance Series R80 20 05 CLI Reference Guide 241 add bridge Description Adds a new bridge Syntax add bridge name name Parameters Parameter Description name Bridge name Type A bridge name should be br0 9 Example add bridge name br7 ...

Page 242: ...e Series R80 20 05 CLI Reference Guide 242 delete bridge Description Deletes an existing bridge Syntax delete bridge name Parameters Parameter Description name Bridge name Type A bridge name should be br0 9 Example delete brdige br7 ...

Page 243: ...set bridge SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 243 set bridge Configures an existing bridge interface ...

Page 244: ...uide 244 set bridge Description Configures an existing bridge interface Syntax set bridge name stp stp Parameters Parameter Description name Bridge name Type A bridge name should be br0 9 stp Spanning Tree Protocol mode Options on off Example set bridge br7 stp on ...

Page 245: ... set bridge Description Adds an existing network interface to an existing bridge Syntax set bridge name add member member Parameters Parameter Description member Network name name Bridge name Type A bridge name should be br0 9 Example set bridge br7 add member My_Network ...

Page 246: ...bridge Description Removes an existing network interface from an existing bridge Syntax set bridge name remove member member Parameters Parameter Description member Network name name Bridge name Type A bridge name should be br0 9 Example set bridge br7 remove member My_Network ...

Page 247: ... 20 05 CLI Reference Guide 247 show bridge Description Shows configuration and statistics of a defined bridge Syntax show bridge name Parameters Parameter Description name Bridge name Type A bridge name should be br0 9 Example show bridge br7 ...

Page 248: ...bridges SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 248 show bridges Description Shows details of all defined bridges Syntax show bridges Parameters Parameter Description n a Example show bridges ...

Page 249: ...ce Series R80 20 05 CLI Reference Guide 249 show cellular modem status Description Show the status of the cellular LTE modem Syntax show cellular modem status Parameters Parameter Description N A Example show cellular modem status ...

Page 250: ...0 20 05 CLI Reference Guide 250 show clock Description Shows current system date and time Syntax show clock Parameters Parameter Description n a Example show clock Output Success shows date and time Failure shows an appropriate error message ...

Page 251: ...cloud deployment SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 251 cloud deployment ...

Page 252: ...eway name template template container container Parameters Parameter Description cloud url The DNS or IP address through which the device will connect to the cloud service Type URL container Container Type String gateway name The appliance name used to identify the gateway Type A string that contains A Z 0 9 and characters template Template Type String Example set cloud deployment cloud url http w...

Page 253: ...ppliance Series R80 20 05 CLI Reference Guide 253 show cloud deployment Description Shows the configuration of cloud management connection Syntax show cloud deployment Parameters Parameter Description n a Example show cloud deployment ...

Page 254: ...cloud notifications SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 254 cloud notifications These commands are relevant for Cloud notifications ...

Page 255: ...ribes the notification type including n license expired n license about to expire n license activated n infected device n malicious file blocked n malicious file downloaded n firmware upgrade available n new device n system up n unexpected reboot n primary internet up n secondary internet up n malicious mail blocked n malicious mail received n reconnected device mode Enable sending the chosen clou...

Page 256: ...00 Appliance Series R80 20 05 CLI Reference Guide 256 show cloud notifications Description Show mode for all types of notifications Syntax show cloud notifications Parameters Parameter Description n a Example show cloud notifications ...

Page 257: ...257 send cloud report Description Force sending a report to Cloud Services Syntax send cloud report type type Parameters Parameter Description type The report type Options top last hour top last day top last week top last month 3d Example send cloud report type top last hour ...

Page 258: ...cloud services SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 258 cloud services ...

Page 259: ...Appliance Series R80 20 05 CLI Reference Guide 259 reconnect cloud services Description Force a manual reconnection to Cloud Services Syntax reconnect cloud services Parameters Parameter Description n a Example reconnect cloud services ...

Page 260: ...set cloud services SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 260 set cloud services Configures settings for cloud SMP management connection ...

Page 261: ...rusted certificate Is the service center URL is a trusted certificate Type Boolean true false gateway id Gateway id in the format gateway name portal name This is not needed if an activation key was configured Type cloudGwName mode Indicates if the device is managed by a cloud service Options off on registration key Registration key that acts as a password when connecting to the cloud service for ...

Page 262: ...P management connection Syntax set cloud services advanced settings cloud management configuration smp login smp login show mgmt server details on login show mgmt server details on login Parameters Parameter Description n a Example set cloud services advanced settings cloud management configuration smp login true show mgmt server details on login true ...

Page 263: ...R80 20 05 CLI Reference Guide 263 show cloud services Description Shows advanced settings of cloud management connection Syntax show cloud services advanced settings Parameters Parameter Description n a Example show cloud services advanced settings ...

Page 264: ...0 20 05 CLI Reference Guide 264 show cloud services connection details Description Shows connection details for cloud management connection Syntax show cloud services connection details Parameters Parameter Description n a Example show cloud services connection details ...

Page 265: ...cloud services firmware upgrade SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 265 cloud services firmware upgrade ...

Page 266: ...set cloud services firmware upgrade SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 266 set cloud services firmware upgrade Configure settings for the firmware upgrade Cloud Services ...

Page 267: ...nable auto firmware upgrades Upgrades may occur immediately or be scheduled according to a predefined frequency Type Boolean true false day of month Choose the desired day of the month Type A number with no fractional part integer day of week Choose the desired day of week Options sunday monday tuesday wednesday thursday friday saturday frequency Indicates the preferred time to perform upgrade onc...

Page 268: ...firmware upgrade Description Configures advanced settings for the firmware upgrade Cloud Services Syntax set cloud services firmware upgrade advanced settings max num of retries max num of retries Parameters Parameter Description n a Example set cloud services firmware upgrade advanced settings max num of retries 15 ...

Page 269: ...rmware upgrade Description Configures advanced settings for the firmware upgrade Cloud Services Syntax set cloud services firmware upgrade advanced settings timeout until retry timeout until retry Parameters Parameter Description n a Example set cloud services firmware upgrade advanced settings timeout until retry 15 ...

Page 270: ...show cloud services firmware upgrade SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 270 show cloud services firmware upgrade Shows configuration of the Firmware Upgrade Cloud Services ...

Page 271: ...80 20 05 CLI Reference Guide 271 show cloud services firmware upgrade Description Shows configuration of the Firmware Upgrade Cloud Services Syntax show cloud services firmware upgrade Parameters Parameter Description n a Example show cloud services firmware upgrade ...

Page 272: ...ce Guide 272 show cloud services firmware upgrade Description Shows advanced settings of the Firmware Upgrade Cloud Services Syntax show cloud services firmware upgrade advanced settings Parameters Parameter Description n a Example show cloud services firmware upgrade advanced settings ...

Page 273: ... R80 20 05 CLI Reference Guide 273 show cloud service managed blades Description Shows the currently managed blades by the cloud management Syntax show cloud services managed blades Parameters Parameter Description n a Example show cloud services managed blades ...

Page 274: ...0 20 05 CLI Reference Guide 274 show cloud services managed services Description Shows the currently managed services by the cloud management Syntax show cloud services managed services Parameters Parameter Description n a Example show cloud services managed services ...

Page 275: ...80 20 05 CLI Reference Guide 275 fetch cloud services policy Description Fetch configuration now from your Cloud Services Security Management Server Syntax fetch cloud services policy Parameters Parameter Description n a Example fetch cloud services policy ...

Page 276: ... Series R80 20 05 CLI Reference Guide 276 show cloud services status Description Shows the current status of the cloud management connection Syntax show cloud services status Parameters Parameter Description n a Example show cloud services status ...

Page 277: ...commands SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 277 show commands Description Shows all available CLI commands Syntax show commands Parameters Parameter Description n a Example show commands ...

Page 278: ...vice as it appears in the output of the cphaprob list p The configuration change is permanent and applies after the appliance reboots t timeout If device fails to contact ClusterXL in timeout seconds device is considered to have failed To disable this parameter enter the value 0 s Status to be reported ok appliance is alive init appliance is initializing problem appliance has failed f file registe...

Page 279: ...d Argument Description cphaprob d device t timeout sec s ok init problem p register Register device as a critical process and add it to the list of devices that must be running for the cluster member to be considered active cphaprob f file register Register all the user defined critical devices listed in file cphaprob d device p unregister Unregister a user defined device as a critical process Thi...

Page 280: ...rence Guide 280 Examples cphaprob d device t timeout sec s ok init problem p register cphaprob f file register cphaprob d device p unregister cphaprob a unregister cphaprob d device s ok init problem report cphaprob i a e list cphaprob state cphaprob a if ...

Page 281: ...the appliance Running cphastopon an appliance that is a cluster member stops the appliance from passing traffic State synchronization also stops Syntax cphastop Parameters Parameter Description n a Return Value 0 on success 1 on failure Example cphastop Output Success prints OK Failure shows an appropriate error message ...

Page 282: ...les is saved to a USB drive or TFTP server The CPinfo output file enables Check Point s support engineers to analyze setups from a remote location Syntax cpinfo to tftp ipaddr to usb Parameters Parameter Description ipaddr IPv4 address Return Value 0 on success 1 on failure Example cpinfo to usb Output Success prints Creating cpinfo txt file Failure shows an appropriate error message ...

Page 283: ...Check Point processes and applications running on a machine Description Starts firewall services Syntax cpstart Parameters Parameter Description n a Return Value 0 on success 1 on failure Example cpstart Output Success shows Starting CP products Failure shows an appropriate error message ...

Page 284: ...ommunication SIC name of the server f flavor The flavor of the output as it appears in the configuration file The default is the first flavor found in the configuration file o polling Polling interval seconds specifies the pace of the results The default is 0 meaning the results are shown only once c count Specifies how many times the results are shown The default is 0 meaning the results are repe...

Page 285: ...agement Server persistency for historical status values polsrv uas svr cpsemd cpsead asm ls ca Return Value 0 on success 1 on failure Example cpstat c 3 o 3 fw Output Success shows OK Failure shows an appropriate error message The following flavors can be added to the application flags n fw default interfaces all policy perf hmem kmem inspect cookies chains fragments totals ufp http ftp telnet rlo...

Page 286: ...memory old_memory cpu disk perf multi_cpu multi_ disk all average_cpu average_memory statistics n mg default n persistency product Tableconfig SourceConfig n polsrv default all n uas default n svr default n cpsemd default n cpsead default n asm default WS n ls default n ca default crl cert user all ...

Page 287: ...rewall services and terminates all Check Point processes and applications running on the appliance Syntax cpstop Parameters Parameter Description n a Return Value 0 on success 1 on failure Example cpstop Output Success shows Uninstalling Security Policy Failure shows an appropriate error message ...

Page 288: ...r monitor_list Parameters Parameter Description del Deletes process detach Detaches process list Print status of processes kill Stops cpWatchDog exist Checks if cpWatchDog is running start_monitor cpwd starts monitoring this machine stop_monitor cpwd stops monitoring this machine monitor_list Displays list of monitoring processes name Name of process Return Value 0 on success 1 on failure Example ...

Page 289: ...date SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 289 date ...

Page 290: ...set date SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 290 set date Configures the device s date and time ...

Page 291: ...80 20 05 CLI Reference Guide 291 set date Description Manually configure the device s date Syntax set date date Parameters Parameter Description date Date in the format YYYY MM DD Type A date format yyyy mm dd Example set date 2000 01 01 ...

Page 292: ...Series R80 20 05 CLI Reference Guide 292 set date Description Manually configure the device s time Syntax set time time Parameters Parameter Description time Time in the format HH MM Type A time format hh mm Example set time 23 20 ...

Page 293: ...es R80 20 05 CLI Reference Guide 293 set date Description Manually configure the device s time zone Syntax set timezone timezone Parameters Parameter Description timezone Timezone location Example set timezone GMT 11 00 Midway Island ...

Page 294: ... Configures if the daylight savings will be changed automatically Syntax set timezone dst automatic timezone dst automatic Parameters Parameter Description timezone dst automatic Automatic adjustment clock for daylight saving changes flag Options on off Example set timezone dst automatic on ...

Page 295: ...show date SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 295 show date Shows date and time ...

Page 296: ...show date SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 296 show date Description Shows current date of the appliance Syntax show date Parameters Parameter Description n a Example show date ...

Page 297: ...show date SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 297 show date Description Shows current time of the appliance Syntax show time Parameters Parameter Description n a Example show time ...

Page 298: ...date SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 298 show date Description Shows current time zone of the appliance Syntax show timezone Parameters Parameter Description n a Example show timezone ...

Page 299: ...ppliance Series R80 20 05 CLI Reference Guide 299 show date Description Shows current daylight savings configuration of the appliance Syntax show timezone dst Parameters Parameter Description n a Example show timezone dst ...

Page 300: ...d Syntax restore default settings preserve sic yes no preserve license yes no force yes no Parameters Parameter Description preserve sic Select whether to preserve your current SIC settings preserve license Select whether to preserve your current license force Skip the confirmation question Return Value 0 on success 1 on failure Example restore default settings preserve sic yes Comments The applia...

Page 301: ...dhcp relay SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 301 dhcp relay ...

Page 302: ...y Description Configures advanced settings for DHCP Relay functionality Syntax set dhcp relay advanced settings use internal ip addrs as source use internal ip addrs as source Parameters Parameter Description n a Example set dhcp relay advanced settings use internal ip addrs as source true ...

Page 303: ...ance Series R80 20 05 CLI Reference Guide 303 show dhcp relay Description Shows advanced settings for DHCP relay Syntax show dhcp relay advanced settings Parameters Parameter Description n a Example show dhcp relay advanced settings ...

Page 304: ... SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 304 show dhcp servers Description Shows configuration for all DHCP servers Syntax show dhcp servers Parameters Parameter Description n a Example show dhcp servers ...

Page 305: ...dhcp server interface SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 305 dhcp server interface ...

Page 306: ...ption Deletes the configured exclude range from the DHCP server settings of a specific network interface Syntax delete dhcp server interface name exclude range Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters Example delete dhcp server interface My_Network exclude range ...

Page 307: ...set dhcp server interface SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 307 set dhcp server interface Configures DHCP server settings ...

Page 308: ... Type virtual custom option name Set the name of the object Type A string that contains alphanumeric characters or hyphen data Set the desired value of the object Type String tag Select a unique tag for the object Type A number with no fractional part integer type Select the appropriate type to store your object Options string int8 int16 int32 uint8 uint16 uint32 boolean ipv4 address ipv4 address ...

Page 309: ...HCP server is active or not on an existing network interface Syntax set dhcp server interface name disable enable Parameters Parameter Description dhcp Use DHCP Server with a specified IP address range Options off on relay name Network name Type A string that contains A Z 0 9 _ and characters Example set dhcp server interface My_Network off ...

Page 310: ...ay to secondary secondary relay secondary relay secondary Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters relay relay to Enter the DHCP server IP address Type IP address relay secondary This field is deprecated Please use field secondary secondary Enter the secondary DHCP server IP address Type IP address Example set dhcp server interface My_...

Page 311: ... DHCP server on an existing network interface Syntax set dhcp server interface name include ip pool include ip pool Parameters Parameter Description include ip pool DHCP range Type A range of IP addresses name Network name Type A string that contains A Z 0 9 _ and characters Example set dhcp server interface My_Network include ip pool 192 168 1 1 192 168 1 10 ...

Page 312: ...HCP server on an existing network interface Syntax set dhcp server interface name default gateway default gateway Parameters Parameter Description default gateway A virtual field calculated by the values of the fields dhcpGwMode dhcpGw name Network name Type A string that contains A Z 0 9 _ and characters Example set dhcp server interface My_Network default gateway auto ...

Page 313: ...es the WINS mode provided by a DHCP server on an existing network interface Syntax set dhcp server interface name wins mode wins mode Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters wins mode Configure the WINS Server Example set dhcp server interface My_Network wins mode auto ...

Page 314: ...interface Syntax set dhcp server interface name wins primary wins primary secondary secondary Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters secondary Configure the IP address for the second WINS server wins primary Configure the IP address for the first WINS server Example set dhcp server interface My_Network wins primary 192 168 1 1 second...

Page 315: ...erver on an existing network interface Syntax set dhcp server interface name lease time lease time Parameters Parameter Description lease time Configure the timeout in hours for a single device to retain a dynamically acquired IP address name Network name Type A string that contains A Z 0 9 _ and characters Example set dhcp server interface My_Network lease time 30 ...

Page 316: ...nfigures the domain used by a DHCP server on an existing network interface Syntax set dhcp server interface name domain domain Parameters Parameter Description domain The domain name of the DHCP name Network name Type A string that contains A Z 0 9 _ and characters Example set dhcp server interface My_Network domain myHost com ...

Page 317: ...server interface name ntp ntp secondary secondary Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters ntp Configure the first NTP Network Time Protocol server to be distributed to DHCP client secondary Configure the second NTP Network Time Protocol server to be distributed to DHCP client Example set dhcp server interface My_Network ntp 192 168 1 ...

Page 318: ...TFTP server used by a DHCP server on an existing network interface Syntax set dhcp server interface name tftp tftp Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters tftp Configure TFTP server to be distributed to DHCP client Example set dhcp server interface My_Network tftp 192 168 1 1 ...

Page 319: ...e TFTP bootfile used by a DHCP server on an existing network interface Syntax set dhcp server interface name file file Parameters Parameter Description file Configure TFTP bootfile to be distributed to DHCP client name Network name Type A string that contains A Z 0 9 _ and characters Example set dhcp server interface My_Network file word ...

Page 320: ... set dhcp server interface name callmgr callmgr secondary secondary Parameters Parameter Description callmgr Configure the first Call manager server to be distributed to DHCP client name Network name Type A string that contains A Z 0 9 _ and characters secondary Configure the second Call manager server to be distributed to DHCP client Example set dhcp server interface My_Network callmgr 192 168 1 ...

Page 321: ...a DHCP server on an existing network interface Syntax set dhcp server interface name xwin display mgr xwin display mgr Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters xwin display mgr Configure X Windows display manager to be distributed to DHCP client Example set dhcp server interface My_Network xwin display mgr 192 168 1 1 ...

Page 322: ...er used by a DHCP server on an existing network interface Syntax set dhcp server interface name avaya voip avaya voip Parameters Parameter Description avaya voip Configure Avaya IP phone to be distributed to DHCP client name Network name Type A string that contains A Z 0 9 _ and characters Example set dhcp server interface My_Network avaya voip 192 168 1 1 ...

Page 323: ... used by a DHCP server on an existing network interface Syntax set dhcp server interface name nortel voip nortel voip Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters nortel voip Configure Nortel IP phone to be distributed to DHCP client Example set dhcp server interface My_Network nortel voip 192 168 1 1 ...

Page 324: ...sed by a DHCP server on an existing network interface Syntax set dhcp server interface name thomson voip thomson voip Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters thomson voip Configure Thomson IP phone to be distributed to DHCP client Example set dhcp server interface My_Network thomson voip 192 168 1 1 ...

Page 325: ...rvers it is configured with otherwise Syntax set dhcp server interface name dns none manual primary primary secondary secondary tertiary tertiary auto Parameters Parameter Description dns Configure the DNS Server name Network name Type A string that contains A Z 0 9 _ and characters primary Configure the IP address for the first DNS server secondary Configure the IP address for the second DNS serv...

Page 326: ...ded by a DHCP server on an existing network interface in manual mode Syntax set dhcp server interface name dns primary dns primary Parameters Parameter Description dns primary Configure the IP address for the first DNS server name Network name Type A string that contains A Z 0 9 _ and characters Example set dhcp server interface My_Network dns primary 192 168 1 1 ...

Page 327: ...by a DHCP server on an existing network interface in manual mode Syntax set dhcp server interface name dns secondary dns secondary Parameters Parameter Description dns secondary Configure the IP address for the second DNS server name Network name Type A string that contains A Z 0 9 _ and characters Example set dhcp server interface My_Network dns secondary 192 168 1 1 ...

Page 328: ...d by a DHCP server on an existing network interface in manual mode Syntax set dhcp server interface name dns tertiary dns tertiary Parameters Parameter Description dns tertiary Configure the IP address for the third DNS server name Network name Type A string that contains A Z 0 9 _ and characters Example set dhcp server interface My_Network dns tertiary 192 168 1 1 ...

Page 329: ...tion from a DHCP server on an existing network interface Syntax set dhcp server interface name remove custom option custom option Parameters Parameter Description custom option Set the name of the object name Network name Type A string that contains A Z 0 9 _ and characters Example set dhcp server interface My_Network remove custom option MyOption ...

Page 330: ...show dhcp server interface SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 330 show dhcp server interface Shows configuration of DHCP servers ...

Page 331: ...erver interface Description Shows the configuration of a DHCP server configured on a specific interface network Syntax show dhcp server interface name Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters Example show dhcp server interface My_Network ...

Page 332: ...erface Description Shows the IP address pool of a DHCP server configured on a specific interface network Syntax show dhcp server interface name ip pool Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters Example show dhcp server interface My_Network ip pool ...

Page 333: ...LI Reference Guide 333 show diag Description Shows information about your appliance such as the current firmware version and additional details Syntax show diag Parameters Parameter Description n a Example show diag Output Current system information ...

Page 334: ...sk usage Description Shows the file system space used and space available Syntax show disk usage h m k Parameters Parameter Description h Human readable e g 1K 243M 2G m 1024 1024 blocks k 1024 blocks Example show disk usage h Output Current file system space used and space available ...

Page 335: ...dns SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 335 dns ...

Page 336: ...delete dns SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 336 delete dns Deletes configured DNS settings ...

Page 337: ... Appliance Series R80 20 05 CLI Reference Guide 337 delete dns Description Deletes configured primary DNS Syntax delete dns primary ipv4 address Parameters Parameter Description n a Example delete dns primary ipv4 address ...

Page 338: ...pliance Series R80 20 05 CLI Reference Guide 338 delete dns Description Deletes configured secondary DNS Syntax delete dns secondary ipv4 address Parameters Parameter Description n a Example delete dns secondary ipv4 address ...

Page 339: ...ppliance Series R80 20 05 CLI Reference Guide 339 delete dns Description Deletes configured tertiary DNS Syntax delete dns tertiary ipv4 address Parameters Parameter Description n a Example delete dns tertiary ipv4 address ...

Page 340: ... 1500 Appliance Series R80 20 05 CLI Reference Guide 340 delete dns Description Deletes configured domain name of the appliance Syntax delete domainname Parameters Parameter Description n a Example delete domainname ...

Page 341: ...set dns SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 341 set dns Configures the DNS and domain settings for the device ...

Page 342: ...condary ipv4 address tertiary ipv4 address tertiary ipv4 address Parameters Parameter Description primary ipv4 address First global DNS IP address Type IP address secondary ipv4 address Second global DNS IP address Type IP address tertiary ipv4 address Third global DNS IP address Type IP address Example set dns primary ipv4 address 192 168 1 1 secondary ipv4 address 192 168 1 1 tertiary ipv4 addre...

Page 343: ...e for the device It can either use manually configured DNS servers or use the DNS servers provided to him by the active internet connection from his ISP Syntax set dns mode mode Parameters Parameter Description mode Status of appliance using global DNS servers Options global internet Example set dns mode global ...

Page 344: ...can translate from hostname to IP address for local networks Syntax set dns proxy on resolving resolving off Parameters Parameter Description proxy Relay DNS requests from internal network clients to the DNS servers defined above Type Press TAB to see available options resolving Use network objects as a hosts list to translate names to their IP addresses Options on off Example set dns proxy on res...

Page 345: ...n Configures the domain settings for the device Syntax set domainname domainname Parameters Parameter Description domainname Identification string that defines a realm of administrative autonomy authority or control in the Internet Type A FQDN Example set domainname somehost example com ...

Page 346: ...show dns SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 346 show dns Shows configuration for DNS and domain name ...

Page 347: ...show dns SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 347 show dns Description Shows configuration for DNS Syntax show dns Parameters Parameter Description n a Example show dns ...

Page 348: ... dns SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 348 show dns Description Shows configuration for domain name Syntax show domainname Parameters Parameter Description n a Example show domainname ...

Page 349: ...dsl SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 349 dsl ...

Page 350: ...ngs global settings Description Set DSL configuration parameters Syntax set dsl advanced settings global settings ginp ginp sra sra Parameters Parameter Description ginp Enhanced Impulse Noise Protection sra Enables Seamless Rate Adaption Example set dsl advanced settings global settings ginp downstream and upstream sra true ...

Page 351: ...cription vdsl2 Supports ITU G 993 2 VDSL2 standard dmt Supports ITU G 992 1 ADSL G dmt standard adsl lite Supports ITU G 992 2 ADSL Lite G lite standard adsl2 Supports ITU G 992 3 ADSL2 standard adsl2plus Supports ITU G 992 5 Annex M ADSL2 M standard t1413 Supports ANSI T1 413 1998 Issue 2 ADSL annex m In an Annex A appliance Combined with supported ADSL2 it specifies support for Annex M ADSL2 In ...

Page 352: ...ds SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 352 Parameter Description vdsl 17a Supports VDSL Profile 17a vdsl us0 Enables usage of first upstream band in VDSL2 Example set dsl advanced settings standards adsl2plus false ...

Page 353: ...rameters Syntax show dsl advanced settings Parameters Parameter Description n a Example show dsl advanced settings Sample Output adsl2plus true vdsl 8d true vdsl 8c true vdsl 8b true annex m false t1413 true vdsl 17a true adsl lite true vdsl2 true annex l false vdsl 12b true adsl2 true dmt true ginp disabled sra false vdsl8a true vdsl us0 true vdsl 12a true ...

Page 354: ... in the peer DSLAM MSAG i e IFTN BDCM 4 hex digits representing the firmware version of the vendor power up Indicates the appliance transmission power dBm hec up Indicates the number of HEC errors counted by the peer DSLAM MSAG attn up Indicates the upstream attenuation dB attn down Indicates the attenuation of the power from the peer DSLAM MSAG to the appliance dB rs down Indicates the number of ...

Page 355: ... trellis Indicates whether trellis was enabled in the appliance configuration Possible values On Off configured ginp Indicates the upstream downstream on off for the configured Enhanced Impulse response Possible values Off Off Off On On Off On On configured bitswap Indicates the upstream downstream on off for the Bit Swap configured in the appliance Possible values On Off vectoring Indicates the v...

Page 356: ...up 208 configured sra Off rs up 1610329207 configured trellis On total cells down 2609810117 snr up 15 4 tpstc PTM bitrate up 5024 vectoring 5 DSLAM is not a vectored DSLAM vendor IFTN 0xb206 status Showtime rs down 2127995393 mode VDSL2 Annex B hec up 0 bitrate down 48470 training Showtime power down 7 7 total cells up 0 hec down 0 attn down 25 9 attn up 0 0 configured bitswap Off ...

Page 357: ...dynamic dns SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 357 dynamic dns ...

Page 358: ...set dynamic dns SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 358 set dynamic dns Configures a persistent domain name for the device ...

Page 359: ...evice will use Type A FQDN is active Is the DDNS service active Type Boolean enable disable password The password of the account Type A string that contains alphanumeric and special characters provider Select the DDNS provider that you have already set up an account with Options no ip com DynDns user The user name of the account Type DynDns provider begins with a letter and have 2 25 alphanumeric ...

Page 360: ...LI Reference Guide 360 set dynamic dns Description Configure advanced settings for the DDNS service Syntax set dynamic dns advanced settings iterations iterations Parameters Parameter Description n a Example set dynamic dns advanced settings iterations 15 ...

Page 361: ...show dynamic dns SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 361 show dynamic dns Shows configuration for DDNS service ...

Page 362: ...dns SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 362 show dynamic dns Description Shows configuration for DDNS service Syntax show dynamic dns Parameters Parameter Description n a Example show dynamic dns ...

Page 363: ...ce Series R80 20 05 CLI Reference Guide 363 show dynamic dns Description Shows advanced settings for DDNS service Syntax show dynamic dns advanced settings Parameters Parameter Description n a Example show dynamic dns advanced settings ...

Page 364: ... not necessary to reinstall the policy Description Manages dynamic objects on the appliance Syntax dynamic_objects o object r fromIP toIP a d l n object c do object Parameters Parameter Description o Name of the dynamic object that is being configured r Defines the range of IP addresses that are being configured for this object a Adds range of IP addresses to the dynamic object d Deletes range of ...

Page 365: ...dynamic objects SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 365 Output Success shows Operation completed successfully Failure shows an appropriate error message ...

Page 366: ...exit SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 366 exit Description Exits from the shell Syntax exit Parameters Parameter Description n a Example exit ...

Page 367: ...ss_hash Parameters Parameter Description pass Password using alphanumeric and special characters pass_hash Password MD5 string representation Example set expert password hash 1 fGT7pGX6 oo9LUBJTkLOGKLhjRQ2rw1 Output Success shows OK Failure shows an appropriate error message Comments To generate a password hash you can use this command on any Check Point SMB Appliance gateway as an expert user cry...

Page 368: ...You fetch the certificate from a specific appliance with the gateway name parameter Syntax fetch certificate mgmt ipv4 address ip_addr gateway name gw_name Parameters Parameter Description ip_addr Management IPv4 address gw_name Appliance Module name Example fetch certificate mgmt ipv4 address 192 168 1 100 gateway name SMB_ Appliance Output Success shows OK Failure shows an appropriate error mess...

Page 369: ...with IPv4 address ip_addr or from the local gateway Syntax fetch policy local mgmt ipv4 address ip_addr Parameters Parameter Description ip_addr IPv4 address of the Security Management Server Return Value 0 on success 1 on failure Example fetch policy mgmt ipv4 address 192 168 1 100 Output Success shows Done Failure shows an appropriate error message ...

Page 370: ... fw command Explanation fw accel h Turn acceleration on off fw activation h Activate license fw avload h Load Anti Virussignatures to kernel fw ctl args Control kernel fw debug h Turn debug output on or off fw fetch Fetch last policy fw fetchdefault h Fetch default policy fw fetchlocal h Fetch local policy fw monitor h Monitor Check Point Appliance traffic fw pull_cert Pull certificate from intern...

Page 371: ...fw commands SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 371 fw ver k Display version ...

Page 372: ...fw policy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 372 fw policy ...

Page 373: ...set fw policy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 373 set fw policy Configures the default policy for the Firewall blade ...

Page 374: ...d traffic track allowed traffic track blocked traffic track blocked traffic Parameters Parameter Description mode Current mode for firewall policy track allowed traffic Indicates if accepted connections are logged Options none log track blocked traffic Indicates if blocked connections are logged Options none log Example set fw policy mode off track allowed traffic none track blocked traffic none ...

Page 375: ...policy Description Configures advanced settings for the default policy of the Firewall blade Syntax set fw policy advanced settings blocked packets action blocked packets action Parameters Parameter Description n a Example set fw policy advanced settings blocked packets action auto ...

Page 376: ... set fw policy Description Configures advanced settings for the default policy of the Firewall blade Syntax set fw policy advanced settings log implied rules log implied rules Parameters Parameter Description n a Example set fw policy advanced settings log implied rules true ...

Page 377: ...show fw policy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 377 show fw policy Shows the configured policy for the Firewall blade ...

Page 378: ...MB 1500 Appliance Series R80 20 05 CLI Reference Guide 378 show fw policy Description Shows the configured policy for the Firewall blade Syntax show fw policy Parameters Parameter Description n a Example show fw policy ...

Page 379: ...e Series R80 20 05 CLI Reference Guide 379 show fw policy Description Shows advanced settings for the Firewall blade Syntax show fw policy advanced settings Parameters Parameter Description n a Example show fw policy advanced settings ...

Page 380: ...cy Description Shows the configuration for customizable messages shown to users upon actions Syntax show fw policy user check block ask accept Parameters Parameter Description user check Activity message type Type Press TAB to see available options Example show fw policy user check block ...

Page 381: ...Accept user message Type A string that contains only printable characters fallback action Indicates the action to take when an Accept user message cannot be displayed Options block accept frequency Indicates how often is the APPI Accept user message is being presented to the same user Options day week month subject The subject of an APPI Accept user message Type A string that contains only printab...

Page 382: ...s only printable characters confirm text This text appears next to the ignore warning checkbox of an APPI Ask user message Type A string that contains only printable characters fallback action The action that is performed when the Ask message cannot be shown Options block accept frequency Indicates how often is the APPI Ask user message is being presented to the same user Options day week month re...

Page 383: ...SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 383 Example set fw policy user check ask body My Network confirm text My Network fallback action block frequency day subject My Network title My Network reason displayed true ...

Page 384: ...characters redirect to url Indicates if the user will be redirected to a custom URL in case of a Block action Type Boolean true false redirect url Indicates the URL to redirect the user in case of a Block action if configured to do so The URL to redirect the user in case of a Block action Redirection happens only if this functionality is turned on Type urlWithHttp subject The subject of an APPI Bl...

Page 385: ...ser check block device body body subject subject title title Parameters Parameter Description body The informative text that appears in the Block Device user message Type A string that contains only printable characters subject The subject of the Block Device user message Type A string that contains only printable characters title The title of the Block Device user message Type A string that conta...

Page 386: ...k infected device body body subject subject title title Parameters Parameter Description body The informative text that appears in the Block Infected Device user message Type A string that contains only printable characters subject The subject of the Block Infected Device user message Type A string that contains only printable characters title The title of the Block Infected Device user message Ty...

Page 387: ...global radius conf SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 387 global radius conf ...

Page 388: ... the identifying IP Address of the NAS which is requesting authentication of the user and should be unique to the NAS within the scope of the RADIUS server Syntax set global radius conf nas ip address nas ip address nasIPV6 nasIPV6 Parameters Parameter Description nas ip address Nas ip address Type IP address nasIPV6 nasIPV6 Type ipv6addr Example set global radius conf nas ip address 192 168 1 1 n...

Page 389: ... Series R80 20 05 CLI Reference Guide 389 show global radius conf Description Configure the NAS IP IPv6 address for RADIUS server authentication Syntax show global radius conf Parameters Parameter Description n a Example show global radius conf ...

Page 390: ...group SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 390 group ...

Page 391: ...on comments Comments and explanation about the Network Object group Type A string that contains less than 257 characters of this set 0 9 a z or member An association field to the contained network objects name Network Object group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example add group name myObject_17 comments This is a ...

Page 392: ...ription Deletes an existing group object of network objects Syntax delete group name Parameters Parameter Description name Network Object group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example delete group myObject_17 ...

Page 393: ...set group SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 393 set group Configures an existing network objects group ...

Page 394: ...ut the Network Object group Type A string that contains less than 257 characters of this set 0 9 a z or name Network Object group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces new name Network Object group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example se...

Page 395: ...mbers from an existing network objects group Syntax set group name remove all members Parameters Parameter Description name Network Object group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set group myObject_17 remove all members ...

Page 396: ... to an existing network objects group Syntax set group name add member member Parameters Parameter Description member Network Object name name Network Object group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set group myObject_17 add member TEXT ...

Page 397: ...rom an existing network objects group Syntax set group name remove member member Parameters Parameter Description member Network Object name name Network Object group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set group myObject_17 remove member TEXT ...

Page 398: ...Description Shows the contents of a network object group Syntax show group name Parameters Parameter Description name Network Object group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example show group myObject_17 ...

Page 399: ...ps SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 399 show groups Description Shows the contents of all network object groups Syntax show groups Parameters Parameter Description n a Example show groups ...

Page 400: ...host SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 400 host ...

Page 401: ...rameters Parameter Description dhcp exclude ip addr Indicates if the object s IP address es is excluded from internal DHCP daemon Type Press TAB to see available options dhcp reserve ip addr to mac Indicates if the IP address is reserved in internal DHCP daemon Type Press TAB to see available options dns resolving Indicates if the name of the server network object will be used as a hostname for in...

Page 402: ...ple add host name TEXT dhcp exclude ip addr on dhcp reserve ip addr to mac on mac addr 00 1C 7F 21 05 BE reserve mac address 00 1C 7F 21 05 BE mac reserved in dhcp on mac addr 00 1C 7F 21 05 BE reserve mac address 00 1C 7F 21 05 BE dns resolving true ipv4 address 192 168 1 1 ...

Page 403: ...ance Series R80 20 05 CLI Reference Guide 403 delete host Description Deletes an existing network host object Syntax delete host name Parameters Parameter Description name Network Object name Type String Example delete host TEXT ...

Page 404: ...rameters Parameter Description dhcp exclude ip addr Indicates if the object s IP address es is excluded from internal DHCP daemon Type Press TAB to see available options dhcp reserve ip addr to mac Indicates if the IP address is reserved in internal DHCP daemon Type Press TAB to see available options dns resolving Indicates if the name of the server network object will be used as a hostname for in...

Page 405: ... BE reserve mac address 00 1C 7F 21 05 BE mac reserved in dhcp on mac addr 00 1C 7F 21 05 BE reserve mac address 00 1C 7F 21 05 BE exclude from dhcp on dhcp reserve ip addr to mac on mac addr 00 1C 7F 21 05 BE reserve mac address 00 1C 7F 21 05 BE mac reserved in dhcp on mac addr 00 1C 7F 21 05 BE reserve mac address 00 1C 7F 21 05 BE dns resolving true ipv4 address 192 168 1 1 ...

Page 406: ...Series R80 20 05 CLI Reference Guide 406 show host Description Shows the configuration of an existing network object Syntax show host name Parameters Parameter Description name Network Object name Type String Example show host TEXT ...

Page 407: ...SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 407 show hosts Description Shows the configuration of all existing network objects Syntax show hosts Parameters Parameter Description n a Example show hosts ...

Page 408: ...hotspot SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 408 hotspot ...

Page 409: ...set hotspot SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 409 set hotspot Configures hotspot settings ...

Page 410: ...n them auth mode Allow access to a specific user group only or all users Options allow all allow specific group portal msg The message shown in hotspot portal Type A string that contains only printable characters portal title The title of the hotspot portal Type A string that contains only printable characters redirect after auth Indicates if after the user accepts terms or authenticate in the hot...

Page 411: ...al Type A string that contains only printable characters timeout Time in minutes untill the hotspot session expires Type A number with no fractional part integer Example set hotspot require auth true auth mode allow all allowed group word timeout 15 portal title My Network portal msg My Network show terms of use on terms of use My Network redirect after auth on redirect after auth url urlWithHttp ...

Page 412: ...eference Guide 412 set hotspot Description Adds an existing network object as an exception for hotspot portal Syntax set hotspot add exception exception Parameters Parameter Description exception Network object name Example set hotspot add exception TEXT ...

Page 413: ... Guide 413 set hotspot Description Removes an existing network object from being an exception to hotspot portal Syntax set hotspot remove exception exception Parameters Parameter Description exception Network object name Example set hotspot remove exception TEXT ...

Page 414: ...80 20 05 CLI Reference Guide 414 set hotspot Description Configures advanced hotspot settings Syntax set hotspot advanced settings activation activation Parameters Parameter Description n a Example set hotspot advanced settings activation on ...

Page 415: ...ide 415 set hotspot Description Configures advanced hotspot settings Syntax set hotspot advanced settings prevent simultaneous login prevent simultaneous login Parameters Parameter Description n a Example set hotspot advanced settings prevent simultaneous login true ...

Page 416: ...show hotspot SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 416 show hotspot Shows hotspot configuration ...

Page 417: ...how hotspot SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 417 show hotspot Description Shows hotspot configuration Syntax show hotspot Parameters Parameter Description n a Example show hotspot ...

Page 418: ...ce Series R80 20 05 CLI Reference Guide 418 show hotspot Description Shows hotspot advanced settings configuration Syntax Shows hotspot advanced settings Parameters Parameter Description n a Example Shows hotspot advanced settings ...

Page 419: ...https categorization SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 419 https categorization ...

Page 420: ...tps categorization SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 420 set https categorization Configures HTTPS categorization settings categorization does not require a full SSL inspection mechanism ...

Page 421: ... categorization Description Configures advanced HTTPS categorization settings Syntax set https categorization advanced settings validate cert expiration validate cert expiration Parameters Parameter Description n a Example set https categorization advanced settings validate cert expiration true ...

Page 422: ... categorization Description Configures advanced HTTPS categorization settings Syntax set https categorization advanced settings validate unreachable crl validate unreachable crl Parameters Parameter Description n a Example set https categorization advanced settings validate unreachable crl true ...

Page 423: ...uide 423 set https categorization Description Configures advanced HTTPS categorization settings Syntax set https categorization advanced settings validate crl validate crl Parameters Parameter Description n a Example set https categorization advanced settings validate crl true ...

Page 424: ...0 05 CLI Reference Guide 424 show https categorization Description Shows configuration for HTTPS categorization feature Syntax show https categorization advanced settings Parameters Parameter Description n a Example show https categorization advanced settings ...

Page 425: ...interface SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 425 interface ...

Page 426: ...add interface SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 426 add interface Adds a new virtual interface ...

Page 427: ...ing physical interface Syntax add interface assignment vlan vlan Parameters Parameter Description assignment The switch or bridge which the object belongs to Type A string that contains A Z 0 9 _ and characters vlan Enter a number that is the virtual identifier Type A number with no fractional part integer Example add interface My_Network vlan 12 ...

Page 428: ...in the VPN community before you can define the VTI The Peer ID is an alpha numeric character string Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces remote Defines the remote peer IPv4 address used at the peer gateway s point to point virtual interface numbered VTI only Type IP address type The type of VTI Numbered VTI that uses a speci...

Page 429: ...ters Parameter Description alias physical port The physical port used by the alias network Separate networks only Type A string that contains A Z 0 9 _ and characters ipv4 address Enter the IP address of the interface Type IP address mask length Represents the network s mask length Type A string that contains numbers only subnet mask The subnet mask of the specified network Type A subnet mask or 2...

Page 430: ...I Reference Guide 430 delete interface Description Deletes an existing virtual interface Syntax delete interface name Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters Example delete interface My_Network ...

Page 431: ...set interface SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 431 set interface Configures local networks interfaces ...

Page 432: ... gw dns primary dns primary dns secondary dns secondary dns tertiary dns tertiary Parameters Parameter Description default gw Default gateway Type IP address dns primary First DNS server IP address Type IP address dns secondary Second DNS server IP address Type IP address dns tertiary Third DNS server IP address Type IP address ipv4 address The IP address Type IP address mask length Subnet mask le...

Page 433: ...ance Series R80 20 05 CLI Reference Guide 433 Example set interface My_Network ipv4 address 192 168 1 100 subnet mask 255 255 255 0 default gw 192 168 1 1 dns primary 192 168 1 1 dns secondary 192 168 1 2 dns tertiary 192 168 1 3 ...

Page 434: ... subnet mask Parameters Parameter Description ipv4 address Enter the IP address of the interface Type IP address mask length Represents the network s mask length Type A string that contains numbers only name Network name Type A string that contains A Z 0 9 _ and characters subnet mask Enter the Subnet mask of the specified network Type A subnet mask or 255 255 255 255 Example set interface My_Netw...

Page 435: ...set interface Description Configures a physical interface to be unassigned from existing networks Syntax set interface name unassigned Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters Example set interface LAN2 unassigned ...

Page 436: ...et interface Description Configures monitor mode on an existing local network interface Syntax set interface name monitor mode Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters Example set interface My_Network monitor mode ...

Page 437: ... override mac address override exclude from dns proxy exclude from dns proxy Parameters Parameter Description exclude from dns proxy Exclude from DNS proxy Options on off mac address override Override default MAC address Type MAC address name Network name Type A string that contains A Z 0 9 _ and characters Example set interface My_Network mac address override 00 1C 7F 21 05 BE exclude from dns pr...

Page 438: ...iption auto negotiation Enable this option in order to manually configure the link speed of the interface Options on off link speed Configure the link speed of the interface manually Options 10 full 10 half 100 full 100 half mtu Configure the Maximum Transmission Unit size for an interface Type A number with no fractional part integer name Network name Type A string that contains A Z 0 9 _ and cha...

Page 439: ... Enable disable an existing local network interface Syntax set interface name state state Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters state The mode of the network enabled or disabled Options on off Example set interface My_Network state on ...

Page 440: ... local network interface Syntax set interface name description description Parameters Parameter Description description Description Type A string that contains less than 257 characters of this set 0 9 a z or name Network name Type A string that contains A Z 0 9 _ and characters Example set interface My_Network description This is a comment ...

Page 441: ...an access lan access lan access track lan access track Parameters Parameter Description lan access Local networks will be accessible from this network once this option is enabled Options block accept lan access track Traffic from this network to local networks will be logged once this option is enabled Options none log name Network name Type A string that contains A Z 0 9 _ and characters Example ...

Page 442: ... for an existing local network interface Syntax set interface name hotspot hotspot Parameters Parameter Description hotspot Redirect users to the Hotspot portal before allowing access from this interface Options on off name Network name Type A string that contains A Z 0 9 _ and characters Example set interface My_Network hotspot on ...

Page 443: ...nce Guide 443 show interface Description Shows configuration and details of local networks Syntax show interface name all Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters Example show interface My_Network all ...

Page 444: ...es SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 444 show interfaces Description Shows the list of defined local networks Syntax show interfaces Parameters Parameter Description n a Example show interfaces ...

Page 445: ... 1500 Appliance Series R80 20 05 CLI Reference Guide 445 show interfaces all Description Shows details of all defined local networks Syntax show interfaces all Parameters Parameter Description n a Example show interfaces all ...

Page 446: ...sk Parameters Parameter Description alias physical port The physical port used by the alias network Separate networks only Type A string that contains A Z 0 9 _ and characters ipv4 address Enter the IP address of the interface Type IP address mask length Represents the network s mask length Type A string that contains numbers only subnet mask The subnet mask of the specified network Type A subnet ...

Page 447: ...delete interface alias Description Delete one of multiple IP addresses associated to a network interface Syntax delete interface alias name Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters Example delete interface alias My_Network ...

Page 448: ...ter Description ipv4 address Enter the IP address of the interface Type IP address mask length Represents the network s mask length Type A string that contains numbers only name Network name Type A string that contains A Z 0 9 _ and characters state The mode of the network enabled or disabled Options on off subnet mask The subnet mask of the specified network Type A subnet mask or 255 255 255 255 ...

Page 449: ...hash policy bond mii interval bond mii interval Parameters Parameter Description bond hash policy The bond hash policy Options layer2 layer2_3 layer3_4 bond master The bond Master port Type A string that contains A Z 0 9 _ and characters bond mii interval The bond MII interval Type A number with no fractional part integer bond mode The bond operation mode policy Type Press TAB to see available opt...

Page 450: ...bond Delete this text and replace it with your own content Description Delete a link aggregation bond between two or more interfaces Syntax delete interface name Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters Example delete interface My_Network ...

Page 451: ...iption bond hash policy The bond hash policy Options layer2 layer2_3 layer3_4 bond master The bond Master port Type A string that contains A Z 0 9 _ and characters bond mii interval The bond MII interval Type A number with no fractional part integer bond mode The bond operation mode policy Options 8023ad round robin xor master name Network name Type A string that contains A Z 0 9 _ and characters ...

Page 452: ... settings for an internet bond LAN Syntax set interface bond name add member add member Parameters Parameter Description add member bondPort1 Type A string that contains A Z 0 9 _ and characters name Network name Type A string that contains A Z 0 9 _ and characters Example set interface bond My_Network add member My_Network ...

Page 453: ...gs for an interface bond LAN Syntax set interface bond name remove member remove member Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters remove member bondPort1 Type A string that contains A Z 0 9 _ and characters Example set interface bond My_Network remove member My_Network ...

Page 454: ...erence Guide 454 show interface bond Description Show the name of the interface in the bond LAN Syntax show interface bond name Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters Example show interface bond name ...

Page 455: ...SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 455 show interfaces bond Description Show the interfaces in the bond LAN Syntax show interfaces bond Parameters Parameter Description n a Example show interfaces bond ...

Page 456: ...tion for the Certificate Type String Less secure Allow connections to SSL sites without certificates Only applied over SFTP Type Boolean true false P12 password PKCS 12 Password PKCS 12 defines an archive file format for storing many cryptography objects as a single file Type A registration key url Download the certificate file from this URL The URL format should be s ftp name passwd machine domai...

Page 457: ...rnal certificate Type String Example delete internal certificate name TEXT show internal certificate Description Show an internal certificate Syntax show internal certificate name name Parameters Parameter Description name Name of the internal certificate Type String Example show internal certificate name TEXT show internal certificates Description Show all internal certificates ...

Page 458: ...show interfaces bond SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 458 Syntax show internal certificates Parameters Parameter Description n a Example show internal certificates ...

Page 459: ...ips engine settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 459 ips engine settings ...

Page 460: ...set ips engine settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 460 set ips engine settings ...

Page 461: ...delay threshold detection delay false Parameters Parameter Description bypass track Indicates how the appliance will track events where the bypass mechanism is activated deactivated Options none log alert bypass under load Indicates if the IPS engine will move to bypass mode if the appliance is under heavy load Type Boolean true false protection scope Indicates if the IPS blade will protect intern...

Page 462: ...gs advanced settings AboutConfigIPSErrorPageConfig status code desc status code desc show error code show error code logo url logo url send detailed status code send detailed status code enable logo url enable logo url Parameters Parameter Description n a Example set ips engine settings advanced settings AboutConfigIPSErrorPageConfig status code desc This is a comment show error code true logo url...

Page 463: ...PS HTTP protections Syntax set ips engine settings advanced settings AboutConfigIPSErrorPage send error code send error code error page for supported web protections error page for supported web protections url url Parameters Parameter Description n a Example set ips engine settings advanced settings AboutConfigIPSErrorPage send error code true error page for supported web protections do not show ...

Page 464: ...show ips engine settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 464 show ips engine settings Shows engine settings for the IPS blade ...

Page 465: ...00 Appliance Series R80 20 05 CLI Reference Guide 465 show ips engine settings Description Shows engine settings for the IPS blade Syntax show ips engine settings Parameters Parameter Description n a Example show ips engine settings ...

Page 466: ...0 20 05 CLI Reference Guide 466 show ips engine settings Description Shows advanced engine settings for the IPS blade Syntax show ips engine settings advanced settings Parameters Parameter Description n a Example show ips engine settings advanced settings ...

Page 467: ...interface loopback SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 467 interface loopback ...

Page 468: ...erface loopback ipv4 address ipv4 address mask length mask length subnet mask subnet mask Parameters Parameter Description ipv4 address Enter the IP address of the interface Type IP address mask length Represents the network s mask length Type A string that contains numbers only subnet mask Enter the Subnet mask of the specified network Type A subnet mask or 255 255 255 255 Example add interface l...

Page 469: ...de 469 delete interface loopback Description Deletes an existing configured loopback interface Syntax delete interface loopback name Parameters Parameter Description name Network name Type A string that contains A Z 0 9 _ and characters Example delete interface loopback My_Network ...

Page 470: ...none name VALUE Parameters Parameter Description apn APN Access Point Name of SIM 1 optional pin PIN number of SIM 1 optional apn sim2 APN Access Point Name of SIM 2 optional pin sim2 PIN number of SIM 2 optional primary sim The preferred SIM to use for the connection disable sim Allows disabling of one of the SIM cards name The name of the internet connection Example add internet connection inter...

Page 471: ...sierra usb on lsi event true set internet connection VALUE type cellular Description Set the values for the cellular LTE connection Syntax set internet connection VALUE type cellular apn VALUE pin VALUE apn sim2 VALUE pin sim2 VALUE primary sim sim1 sim2 disable sim sim1 sim2 none Parameters Parameter Description apn APN Access Point Name of SIM 1 optional pin PIN number of SIM 1 optional apn sim2...

Page 472: ... 472 Parameter Description disable sim Allows disabling of one of the SIM cards name The name of the internet connection Example set internet connection Internet1 type cellular apn sim1apn com pin 1111 apn sim2 sim2apn com pin sim2 2222 disable sim none primary sim sim1 ...

Page 473: ...e Series R80 20 05 CLI Reference Guide 473 show internet Description Shows advanced settings for configured internet Syntax show internet advanced settings Parameters Parameter Description n a Example show internet advanced settings ...

Page 474: ...internet connection SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 474 internet connection ...

Page 475: ...add internet connection SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 475 add internet connection Adds a new internet connection ...

Page 476: ...terface Interface name Type Press TAB to see available options name Connection name Type A string that contains A Z 0 9 _ and space characters type Connection type Type Press TAB to see available options vlan id VLAN ID Type A number with no fractional part integer Syntax for Static IP add internet connection name name interface WAN type static default gw default gw ipv4 address ipv4 address mask ...

Page 477: ...ondary Second DNS server IP address Type IP address dns tertiary Third DNS server IP address Type IP address ipv4 address IP address field for static IP and bridge settings Type IP address mask length Subnet mask length Type A string that contains numbers only name Connection name Type A string that contains A Z 0 9 _ and space characters subnet mask Subnet mask Type A subnet mask or 255 255 255 2...

Page 478: ...al ipv4 address Parameters Parameter Description conn test timeout Connection test timeout Type A number with no fractional part integer interface Interface name Type Press TAB to see available options default gw WAN default gateway in the advanced section of PPTP and l2TP Type IP address is unnumbered pppoe Unnumbered PPPoE lets you manage a range of IP addresses and dial only once Type Boolean t...

Page 479: ...yntax for PPPoE add internet connection name name interface WAN type pppoe username username password hash password hash add internet connection name name interface WAN type pppoe username username password password hash is unnumbered pppoe is unnumbered pppoe local ipv4 address local ipv4 address Parameters Parameter Description conn test timeout Connection test timeout Type A number with no frac...

Page 480: ...terface WAN type pptp server server password hash password hash command_synadd internet connection name name interface WAN type pptpserver server password password username username local ipv4 address local ipv4 address wan ipv4 address wan ipv4 address wan mask length wan mask length tax add internet connection name name interface WAN type pptp server server password password username username lo...

Page 481: ...assword hash The hash of the user password Type passwordHash server Server IP address Type IP address type Connection type Type Press TAB to see available options username User name for PPP connection settings Type A string that contains all printable characters but a single or double quote like characters Usually username ISP vlan id VLAN ID Type A number with no fractional part integer wan ipv4 ...

Page 482: ...e t1413 glite gdmt adsl2 adsl2 type Connection type Type Press TAB to see available options vci VCI value for the ADSL connection Type A number between 0 and 65535 vpi VPI value for the ADSL connection Type A number between 0 and 255 Syntax for PPPoA add internet connection name name interface ADSL type pppoa username username password hash password hash add internet connection name name interface...

Page 483: ...tion name Type A string that contains A Z 0 9 _ and space characters password Password for PPP connection settings Type internetPassword password hash The hash of the user password Type passwordHash type Connection type Type Press TAB to see available options username User name for PPP connection settings Type A string that contains all printable characters but a single or double quote like charac...

Page 484: ...ions llc vcmux interface Interface name Type Press TAB to see available options is unnumbered pppoe Unnumbered PPPoE lets you manage a range of IP addresses and dial only once Type Boolean true false local ipv4 address Local tunnel IP address or Auto for automatic Type An IP address or auto name Connection name Type A string that contains A Z 0 9 _ and space characters password Password for PPP co...

Page 485: ...capsulation type for the ADSL connection Options llc vcmux interface Interface name Type Press TAB to see available options name Connection name Type A string that contains A Z 0 9 _ and space characters type Connection type Type Press TAB to see available options vci VCI value for the ADSL connection Type A number between 0 and 65535 vlan id VLAN ID Type A number with no fractional part integer v...

Page 486: ...TP and l2TP Type IP address dns primary First DNS server IP address Type IP address dns secondary Second DNS server IP address Type IP address dns tertiary Third DNS server IP address Type IP address encapsulation Encapsulation type for the ADSL connection Options llc vcmux interface Interface name Type Press TAB to see available options ipv4 address IP address field for static IP and bridge setti...

Page 487: ...tion is unnumbered pppoe is unnumbered pppoe local ipv4 address local ipv4 address vci vci vpi vpi encapsulation encapsulation vci vci vpi vpi use connection as vlan vlan id vlan id conn test timeout conn test timeout Parameters Parameter Description conn test timeout Connection test timeout Type A number with no fractional part integer encapsulation Encapsulation type for the ADSL connection Opti...

Page 488: ...s but a single or double quote like characters Usually username ISP vci VCI value for the ADSL connection Type A number between 0 and 65535 vlan id VLAN ID Type A number with no fractional part integer vpi VPI value for the ADSL connection Type A number between 0 and 255 DMZ Syntax for DHCP add internet connection name name interface DMZ type dhcp Parameters Parameter Description conn test timeout...

Page 489: ...ary dns primary dns secondary dns secondary dns tertiary dns tertiary use connection as vlan vlan id vlan id conn test timeout conn test timeout Parameters Parameter Description conn test timeout Connection test timeout Type A number with no fractional part integer interface Interface name Type Press TAB to see available options default gw WAN default gateway in the advanced section of PPTP and l2...

Page 490: ...me local ipv4 address local ipv4 address wan ipv4 address wan ipv4 address wan mask length wan mask length add internet connection name name interface DMZ type l2tp server server password password username username local ipv4 address local ipv4 address wan ipv4 address wan ipv4 address wan subnet mask wan mask length default gw default gw is unnumbered pppoe is unnumbered pppoe local ipv4 address ...

Page 491: ...rname User name for PPP connection settings Type A string that contains all printable characters but a single or double quote like characters Usually username ISP vlan id VLAN ID Type A number with no fractional part integer wan ipv4 address Wan IP address wrapper Type An IP address or auto wan mask length WAN subnet mask length Type A string that contains numbers only wan subnet mask WAN subnet m...

Page 492: ... space characters password Password for PPP connection settings Type internetPassword password hash The hash of the user password Type passwordHash type Connection type Type Press TAB to see available options username User name for PPP connection settings Type A string that contains all printable characters but a single or double quote like characters Usually username ISP vlan id VLAN ID Type A nu...

Page 493: ...ess TAB to see available options default gw WAN default gateway in the advanced section of PPTP and l2TP Type IP address dns primary First DNS server IP address Type IP address dns secondary Second DNS server IP address Type IP address dns tertiary Third DNS server IP address Type IP address encapsulation Encapsulation type for the ADSL connection Options llc vcmux ipv4 address IP address field fo...

Page 494: ...e A subnet mask or 255 255 255 255 type Connection type Type Press TAB to see available options username User name for PPP connection settings Type A string that contains all printable characters but a single or double quote like characters Usually username ISP vci VCI value for the ADSL connection Type A number between 0 and 65535 vlan id VLAN ID Type A number with no fractional part integer vpi ...

Page 495: ...rence Guide 495 Example add internet connection name My connection interface WAN true vlan id 1000000 type static ipv4 address 192 168 1 1 subnet mask 255 255 255 0 default gw 192 168 1 1 dns primary 192 168 1 1 dns secondary 192 168 1 1 dns tertiary 192 168 1 1 conn test timeout 1000000 ...

Page 496: ... typeanalog use serial porttrue number number username username password password flow control flow control port speed port speed conn test timeout conn test timeout add internet connection name name typecellular number number conn test timeout conn test timeout name name apn apn username username password hash password hash add internet connection name name typecellular number number conn test ti...

Page 497: ...400 57600 115200 230400 type Connection type Type Press TAB to see available options use serial port Use serial port Type Boolean true false username User name for PPP connection settings Type A string that contains all printable characters but a single or double quote like characters Usually username ISP Example add internet connection type analog use serial port true number 758996 username MyUse...

Page 498: ...delete internet connection SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 498 delete internet connection Deletes an existing internet connection or internet connection related configuration ...

Page 499: ... delete internet connection Description Deletes an existing internet connection by name Syntax delete internet connection name Parameters Parameter Description name Connection name Type A string that contains A Z 0 9 _ and space characters Example delete internet connection My connection ...

Page 500: ...ernet connection s ping servers configured for connection health monitoring Syntax delete internet connection name probe icmp servers first second third Parameters Parameter Description name Connection name Type A string that contains A Z 0 9 _ and space characters Example delete internet connection My connection probe icmp servers first second third ...

Page 501: ...ppliance Series R80 20 05 CLI Reference Guide 501 delete internet connections Description Deletes all existing internet connections Syntax delete internet connections Parameters Parameter Description n a Example delete internet connections ...

Page 502: ...set internet connection SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 502 set internet connection Configures internet connections settings ...

Page 503: ...n Disable auto negotiation and manually define negotiation link speed Options on off link speed Link speed Options 100 full 100 half 10 full 10 half mac addr Default mac address wrapper Type A MAC address or default mtu MTU size Select default for default value Type A string of alphanumeric characters without space between them name Connection name Type A string that contains A Z 0 9 _ and space c...

Page 504: ... internet connection Syntax set internet connection name connect on demand connect on demand Parameters Parameter Description connect on demand Holds the status of the connect on demand feature Type Boolean true false name Connection name Type A string that contains A Z 0 9 _ and space characters Example set internet connection My connection connect on demand true ...

Page 505: ... Enable Disable an existing internet connection Syntax set internet connection name enable disable Parameters Parameter Description name Connection name Type A string that contains A Z 0 9 _ and space characters state Connection enabled disabled Type Boolean true false Example set internet connection My connection true ...

Page 506: ...nd when managed using an LSM profile Syntax set internet connection name qos download true bandwidth bandwidth false Parameters Parameter Description bandwidth ISP download bandwidth Type A number with no fractional part integer name Connection name Type A string that contains A Z 0 9 _ and space characters qos download Enable QoS quality of service restriction on inbound traffic download Type Boo...

Page 507: ...ode and when managed using an LSM profile Syntax set internet connection name qos upload true bandwidth bandwidth false Parameters Parameter Description bandwidth ISP upload bandwidth Type A number with no fractional part integer name Connection name Type A string that contains A Z 0 9 _ and space characters qos upload Enable QoS quality of service restriction on outbound traffic upload Type Boole...

Page 508: ...e hide NAT from a specific internet connection Syntax set internet connection name disable nat disable nat Parameters Parameter Description disable nat Disable NAT Network Address Translation for traffic going through this Internet connection Type Boolean true false name Connection name Type A string that contains A Z 0 9 _ and space characters Example set internet connection My connection disable...

Page 509: ...balancing weight load balancing weight Parameters Parameter Description ha priority Priority of the connection in HA Type A number with no fractional part integer load balancing weight Internet connection weight for load balancing configuration Type A number with no fractional part integer name Connection name Type A string that contains A Z 0 9 _ and space characters Example set internet connecti...

Page 510: ...ic through manual dynamic routing rules Syntax set internet connection name route traffic through default gateway route traffic through default gateway Parameters Parameter Description name Connection name Type A string that contains A Z 0 9 _ and space characters route traffic through default gateway In order to route traffic through this connection you need to add specific routes through it Type...

Page 511: ... dns primary dns primary dns secondary dns secondary dns tertiary dns tertiary l2tp username username password password password hash password hash local ipv4 address local ipv4 address is unnumbered pppoe is unnumbered pppoe server server local ipv4 address local ipv4 address wan ipv4 address wan ipv4 address wan subnet mask wan subnet mask wan mask length wan mask length default gw default gw Pa...

Page 512: ...f the user password Type passwordHash server Server IP address Type IP address subnet mask Subnet mask Type A subnet mask or 255 255 255 255 type Connection type Type Press TAB to see available options username User name for PPP connection settings Type A string that contains all printable characters but a single or double quote like characters Usually username ISP wan ipv4 address Wan IP address ...

Page 513: ...d pppoe Unnumbered PPPoE lets you manage a range of IP addresses and dial only once Type Boolean true false local ipv4 address Local tunnel IP address or Auto for automatic Type An IP address or auto name Connection name Type A string that contains A Z 0 9 _ and space characters password Password for PPP connection or cellular modem settings Type internetPassword password hash The hash of the user...

Page 514: ...4 Parameter Description vpi VPI value for the ADSL connection Type A number between 0 and 255 Example set internet connection My connection type pppoe username MyUsername MyISP password internetPassword local ipv4 address auto is unnumbered pppoe true vpi 42 vci 42 encapsulation llc ...

Page 515: ...default gw standard standard Parameters Parameter Description default gw WAN default gateway in the advanced section of PPTP and l2TP Type IP address encapsulation Encapsulation for the ADSL connection Options llc vcmux idle time Disconnect idle time Type A number with no fractional part integer method Authentication method Options auto pap chap name Connection name Type A string that contains A Z...

Page 516: ...address Wan IP address wrapper Type An IP address or auto wan mask length WAN subnet mask length Type A string that contains numbers only wan subnet mask WAN subnet mask in the advanced section Type Subnet mask Example set internet connection My connection type pppoa method auto idle time 1000000 standard multimode ...

Page 517: ...lan vlan id vlan id vpi vpi vci vci encapsulation encapsulation ipoe static ipv4 address ipv4 address subnet mask subnet mask mask length mask length default gw default gw dns primary dns primary dns secondary dns secondary dns tertiary dns tertiary use connection as vlan vlan id vlan id vpi vpi vci vci encapsulation encapsulation Parameters Parameter Description default gw Default gateway Type IP...

Page 518: ... auto pap chap name Connection name Type A string that contains A Z 0 9 _ and space characters password Password for PPP connection settings Type internetPassword password hash The hash of the user password Type passwordHash standard The ADSL standard to use Options multimode t1413 glite gdmt adsl2 adsl2 subnet mask Subnet mask Type A subnet mask or 255 255 255 255 type Connection type Type Press ...

Page 519: ...tional part integer vpi VPI value for the ADSL connection Type A number between 0 and 255 Example set internet connection My connection type pppoe username MyUsername MyISP password internetPassword true vlan id 1000000 local ipv4 address auto is unnumbered pppoe true vpi 42 vci 42 encapsulation llc method auto idle time 1000000 standard multimode ...

Page 520: ...at contains A Z 0 9 _ and space characters number Dialed number of the cellular modem settings Type A sequence of numbers and characters password Password for PPP connection or cellular modem settings Type internetPassword password hash The hash of the user password Type passwordHash type Connection type Type Press TAB to see available options username User name for PPP connection or cellular mode...

Page 521: ...method Parameters Parameter Description name Connection name Type A string that contains A Z 0 9 _ and space characters probe next hop Automatically detect loss of connectivity to the default gateway Type Boolean true false probe servers Monitor connection state by sending probe packets to one or more servers on the Internet Type Boolean true false probing method Connection probing method Options ...

Page 522: ...the probing method when using connection monitoring Type An IP address or host name name Connection name Type A string that contains A Z 0 9 _ and space characters probing method Connection probing method Options icmp dns second Second IP address for the probing method when using connection monitoring Type An IP address or host name third Third IP address for the probing method when using connecti...

Page 523: ...show internet connection SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 523 show internet connection Shows configuration and details of defined internet connections ...

Page 524: ...nternet connection Description Shows configuration and details of a defined internet connection Syntax show internet connection name Parameters Parameter Description name Connection name Type A string that contains A Z 0 9 _ and space characters Example show internet connection My connection ...

Page 525: ...cription Shows configured ping servers for health monitoring of defined internet connection Syntax show internet connection name icmp servers Parameters Parameter Description name Connection name Type A string that contains A Z 0 9 _ and space characters Example show internet connection My connection icmp servers ...

Page 526: ...e Series R80 20 05 CLI Reference Guide 526 show internet connections Description Shows details and configuration of all internet connections Syntax show internet connections Parameters Parameter Description n a Example show internet connections ...

Page 527: ...0 20 05 CLI Reference Guide 527 show internet connections table Description Shows details and configuration of all internet connections in a table Syntax show internet connections table Parameters Parameter Description n a Example show internet connections table ...

Page 528: ...te internet connection bond Description Delete a link aggregation bond between two or more interfaces WAN Syntax delete internet connection bond name Parameters Parameter Description name Connection name Type A string that contains A Z 0 9 _ and space characters Example delete internet connection bond My connection ...

Page 529: ...ter Description bond hash policy The bond hash policy Options layer2 layer2_3 layer3_4 bond master The bond Master port Type A string that contains A Z 0 9 _ and characters bond mii interval The bond MII interval Type A number with no fractional part integer bond mode The bond operation mode policy Options 802 3ad round robin xor high availability name Connection name Type A string that contains A...

Page 530: ...d between two or more interfaces WAN Syntax set internet connection bond name add member add member Parameters Parameter Description add member bondPort1 Type Type A string that contains A Z 0 9 _ and characters name Connection name Type A string that contains A Z 0 9 _ and space characters Example set internet connection bond My connection add member My_Network ...

Page 531: ...wo or more interfaces WAN Syntax set internet connection bond name remove member remove member Parameters Parameter Description name Connection name Type A string that contains A Z 0 9 _ and space characters remove member List of interfaces that are part of the WAN link aggregation Bond Type String Example set internet connection bond My connection remove member My_Network ...

Page 532: ...et connection bond Description Show the link aggregation bond between two or more interfaces WAN Syntax show internet connection bond name Parameters Parameter Description name Connection name Type A string that contains A Z 0 9 _ and space characters Example show internet connection bond My connection ...

Page 533: ... R80 20 05 CLI Reference Guide 533 show internet connections bond Description Show the link aggregations bond between two or more interfaces WAN Syntax show internet connections bond Parameters Parameter Description n a Example show internet connections bond ...

Page 534: ...internet mode SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 534 internet mode ...

Page 535: ...ill be distributed automatically across the defined active Internet connections according to the configured load balancing weights or use the default High Availability behavior based on priorities of each internet connection Syntax set internet mode load balancing high availability Parameters Parameter Description lb mode The load balancing mode Options on off Example set internet mode on ...

Page 536: ...e Series R80 20 05 CLI Reference Guide 536 show internet mode Description Shows multiple internet connections mode High Availability or Load Sharing Syntax show internet mode Parameters Parameter Description n a Example show internet mode ...

Page 537: ...ip fragments params SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 537 ip fragments params ...

Page 538: ...set ip fragments params SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 538 set ip fragments params Configures how the appliance handles IP fragments ...

Page 539: ...ference Guide 539 set ip fragments params Description Configures how the appliance handles IP fragments Syntax set ip fragments params advanced settings minsize minsize Parameters Parameter Description n a Example set ip fragments params advanced settings minsize 150 ...

Page 540: ...the appliance handles IP fragments Syntax set ip fragments params advanced settings config track track limit limit advanced state advanced state timeout timeout pkt cap pkt cap Parameters Parameter Description n a Example set ip fragments params advanced settings config track none limit 150 advanced state forbid timeout 15 pkt cap true ...

Page 541: ...R80 20 05 CLI Reference Guide 541 show ip fragments params Description Shows configuration of IP fragments handling Syntax show ip fragments params advanced settings Parameters Parameter Description n a Example show ip fragments params advanced settings ...

Page 542: ...ipv6 state SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 542 ipv6 state ...

Page 543: ...tate SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 543 set ipv6 state Description Enable the IPv6 mode of the appliance Syntax set ipv6 state Parameters Parameter Description n a Example set ipv6 state ...

Page 544: ... Appliance Series R80 20 05 CLI Reference Guide 544 show ipv6 state Description Show if the IPv6 mode of the appliance is enabled or disabled Syntax show ipv6 state Parameters Parameter Description n a Example show ipv6 state ...

Page 545: ...license SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 545 license ...

Page 546: ...eter n User Center at Check Point n USB device There is an option to specify the file name with the file_name parameter Syntax fetch license local file file_name usercenter usb file file_ name Parameters Parameter Description file_name Name of the file that contains the license Return Value 0 on success 1 on failure Example fetch license usb file LicenseFile xml Output Success shows OK Failure sho...

Page 547: ...B 1500 Appliance Series R80 20 05 CLI Reference Guide 547 show license Description Shows current license state Syntax show license Parameters Parameter Description n a Example show license Output Current license state ...

Page 548: ...local group SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 548 local group ...

Page 549: ...arameter Description comments Comments Type A string that contains less than 257 characters of this set 0 9 a z or name Local group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces remote access on Indicates if the users group have remote access permissions Type Boolean true false Example add local group name myObject_17 comments Th...

Page 550: ...delete local group SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 550 delete local group Deletes an existing group object for user objects ...

Page 551: ...letes an existing group object for user objects by group object name Syntax delete local group name name Parameters Parameter Description name Local group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example delete local group name myObject_17 ...

Page 552: ...ppliance Series R80 20 05 CLI Reference Guide 552 delete local group Description Deletes all existing group objects for user objects Syntax delete local group all Parameters Parameter Description n a Example delete local group all ...

Page 553: ...set local group SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 553 set local group Configures an existing user group object ...

Page 554: ... less than 257 characters of this set 0 9 a z or name Local group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces new name Local group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces remote access on Indicates if the users group have remote access permissions Type B...

Page 555: ... in this group have VPN remote access privileges Syntax set local group name name add bookmark label bookmark label Parameters Parameter Description bookmark label Text for the bookmark in the SSL Network Extender portal name Local group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set local group name myObject_17 add bo...

Page 556: ...s in this group have VPN remote access privileges Syntax set local group name name remove bookmark label bookmark label Parameters Parameter Description bookmark label Text for the bookmark in the SSL Network Extender portal name Local group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set local group name myObject_17 re...

Page 557: ... Description Shows the content of a user group object Syntax show local group name name Parameters Parameter Description name Local group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example show local group name myObject_17 ...

Page 558: ...MB 1500 Appliance Series R80 20 05 CLI Reference Guide 558 show local groups Description Shows the content of all user group objects Syntax show local groups Parameters Parameter Description n a Example show local groups ...

Page 559: ...set local group users SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 559 set local group users Configures an existing user group object ...

Page 560: ...roup object Syntax set local group users name name add user name user name Parameters Parameter Description name Local group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces user name User s name in the local database Example set local group users name myObject_17 add user name admin ...

Page 561: ...roup object Syntax set local group users name name remove user name user name Parameters Parameter Description name Local group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces user name User s name in the local database Example set local group users name myObject_17 remove user name admin ...

Page 562: ...local user SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 562 local user ...

Page 563: ...haracters of this set 0 9 a z or expiration date Expiration date for a temporary user in format yyyy mm dd Type A date format yyyy mm dd expiration time Expiration time for a temporary user in format HH MM Type A time format hh mm is temp user Indicates if the user entry is temporary Type Boolean true false name User s name in the local database Type A string that contains 0 9 a z up to 64 charact...

Page 564: ...ance Series R80 20 05 CLI Reference Guide 564 Example add local user name admin password hash TZXPLs20bN0RA comments This is a comment remote access always on true is temp user true expiration date 2000 01 01 expiration time 23 20 ...

Page 565: ...delete local user SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 565 delete local user Deletes an existing locally defined user object ...

Page 566: ...user Description Deletes an existing locally defined user object by user name Syntax delete local user name name Parameters Parameter Description name User s name in the local database Type A string that contains 0 9 a z up to 64 characters without spaces Example delete local user name admin ...

Page 567: ...ance Series R80 20 05 CLI Reference Guide 567 delete local user Description Deletes all existing locally defined user objects by user name Syntax delete local user all Parameters Parameter Description n a Example delete local user all ...

Page 568: ...set local user SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 568 set local user Configures an existing user object ...

Page 569: ...porary user in format yyyy mm dd Type A date format yyyy mm dd expiration time Expiration time for a temporary user in format HH MM Type A time format hh mm is temp user Indicates if the user entry is temporary Type Boolean true false name User s name in the local database Type A string that contains 0 9 a z up to 64 characters without spaces new name User s name in the local database Type A strin...

Page 570: ...ries R80 20 05 CLI Reference Guide 570 Example set local user name admin new name admin password hash TZXPLs20bN0RA comments This is a comment remote access always on true is temp user true expiration date 2000 01 01 expiration time 23 20 ...

Page 571: ... only if the user has VPN remote access privileges Syntax set local user name name add bookmark label bookmark label Parameters Parameter Description bookmark label Text for the bookmark in the SSL Network Extender portal name User s name in the local database Type A string that contains 0 9 a z up to 64 characters without spaces Example set local user name admin add bookmark label myLabel ...

Page 572: ...t only if the user has VPN remote access privileges Syntax set local user name name remove bookmark label bookmark label Parameters Parameter Description bookmark label Text for the bookmark in the SSL Network Extender portal name User s name in the local database Type A string that contains 0 9 a z up to 64 characters without spaces Example set local user name admin remove bookmark label myLabel ...

Page 573: ...local user Description Shows the configuration of a locally defined user Syntax show local user name name Parameters Parameter Description name User s name in the local database Type A string that contains 0 9 a z up to 64 characters without spaces Example show local user name admin ...

Page 574: ...users SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 574 show local users Description Shows all locally defined users Syntax show local users Parameters Parameter Description n a Example show local users ...

Page 575: ...local users expired SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 575 local users expired ...

Page 576: ...ries R80 20 05 CLI Reference Guide 576 delete local users expired Description Deletes all expired locally defined user objects from the database Syntax delete local users expired Parameters Parameter Description n a Example delete local users expired ...

Page 577: ...00 Appliance Series R80 20 05 CLI Reference Guide 577 show local users expired Description Shows all expired locally defined users Syntax show local users expired Parameters Parameter Description n a Example show local users expired ...

Page 578: ...ogs SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 578 show logs Description Shows system and kernel logs Syntax show logs system kernel Parameters Parameter Description n a Example show logs kernel ...

Page 579: ...log servers configuration SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 579 log servers configuration ...

Page 580: ...g server is active Type Boolean true false log server ip addr This IP address is used if the log server is not located on the Security Management Server Type IP address mgmt server ip addr This IP address is used for establishing trusted communication between the Check Point Appliance and the log server Type IP address one time password SIC one time password Type A string that contains alphanumeri...

Page 581: ...liance Series R80 20 05 CLI Reference Guide 581 show log servers configuration Description Shows external log server configuration Syntax show log servers configuration Parameters Parameter Description n a Example show log servers configuration ...

Page 582: ...tion Connect to Management as a Service MaaS to manage policy log analysis and reporting log retention Syntax connect maas auth token auth token Parameters Parameter Description auth token Authentication token is used for connecting to MAAS Type base64 Example connect maas auth token base64 ...

Page 583: ...I Reference Guide 583 set maas Description Configure the settings for Management as a Service MaaS Syntax set maas mode mode Parameters Parameter Description mode Connection to MAAS mode Options enable disable stop using Example set maas mode enable ...

Page 584: ...aas SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 584 show maas Description Show if connected to Management as a Service MaaS Syntax show maas Parameters Parameter Description n a Example show maas ...

Page 585: ...mac filtering list SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 585 mac filtering list ...

Page 586: ...86 add mac filtering list Description Add a MAC address to the list of addresses allowed to access LAN DMZ networks Syntax add mac filtering list mac mac Parameters Parameter Description mac MAC address to allow Type MAC address Example add mac filtering list mac 00 1C 7F 21 05 BE ...

Page 587: ...lete mac filtering list Description Delete a MAC address from the list of addresses allowed to access LAN DMZ networks Syntax delete mac filtering list mac mac Parameters Parameter Description mac MAC address to allow Type MAC address Example delete mac filtering list mac 00 1C 7F 21 05 BE ...

Page 588: ... Series R80 20 05 CLI Reference Guide 588 show mac filtering list Description Show the MAC addresses that are allowed to access LAN DMZ networks Syntax show mac filtering list Parameters Parameter Description n a Example show mac filtering list ...

Page 589: ...mac filtering settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 589 mac filtering settings ...

Page 590: ...set mac filtering settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 590 set mac filtering settings Configure the settings for MAC filtering ...

Page 591: ...LI Reference Guide 591 set mac filtering settings Description Configure the settings for MAC filtering Syntax set mac filtering settings state state Parameters Parameter Description state MAC filtering state Options on off Example set mac filtering settings state on ...

Page 592: ...Guide 592 set mac filtering settings Description Configure the settings for MAC filtering Syntax set mac filtering settings advanced settings log activation log activation Parameters Parameter Description n a Example set mac filtering settings advanced settings log activation on ...

Page 593: ...Guide 593 set mac filtering settings Description Configure the settings for MAC filtering Syntax set mac filtering settings advanced settings log interval log interval Parameters Parameter Description n a Example set mac filtering settings advanced settings log interval 1000000 ...

Page 594: ...show mac filtering settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 594 show mac filtering settings Show the settings for MAC filtering ...

Page 595: ...0 Appliance Series R80 20 05 CLI Reference Guide 595 show mac filtering settings Description Show the settings for MAC filtering Syntax show mac filtering settings Parameters Parameter Description n a Example show mac filtering settings ...

Page 596: ... 20 05 CLI Reference Guide 596 show mac filtering settings Description Show the advanced settings for MAC filtering Syntax show mac filtering settings advanced settings Parameters Parameter Description n a Example show mac filtering settings advanced settings ...

Page 597: ...scription Configure settings for a mobile device In this case for when the pairing code expires Syntax set mobile settings advanced settings pairing code expiration pairing code expiration Parameters Parameter Description n a Example set mobile settings advanced settings pairing code expiration 1000000 ...

Page 598: ...ce Guide 598 set mobile settings Description Configure settings for a mobile device Syntax set mobile settings advanced settings not cloud server not cloud server Parameters Parameter Description n a Example set mobile settings advanced settings not cloud server urlv6 ...

Page 599: ...80 20 05 CLI Reference Guide 599 show mobile settings Description Show configured advanced settings for a mobile device Syntax show mobile settings advanced settings Parameters Parameter Description n a Example show mobile settings advanced settings ...

Page 600: ...de 600 mobile device revoke mobile device Description Remove mobile device from the list of associated devices Syntax revoke mobile device id id Parameters Parameter Description id id Type A number with no fractional part Integer Example revoke mobile device id 1000000 ...

Page 601: ...mobile settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 601 mobile settings These commands are relevant for mobile settings ...

Page 602: ...or a mobile device In this case for when the pairing code expires Syntax set mobile settings advanced settings pairing code expiration pairing code expiration Parameters Parameter Description pairing code expiration Number of hours until the pairing code expires Example set mobile settings advanced settings pairing code expiration 1 ...

Page 603: ...onfigure settings for a mobile device Syntax set mobile settings advanced settings not cloud server not cloud server Parameters Parameter Description not cloud server Notification server URL URL for the cloud service that pushes the notifications Example set mobile settings advanced settings not cloud server urlv6 ...

Page 604: ...80 20 05 CLI Reference Guide 604 show mobile settings Description Show configured advanced settings for a mobile device Syntax show mobile settings advanced settings Parameters Parameter Description n a Example show mobile settings advanced settings ...

Page 605: ...rator name administrator name Parameters Parameter Description administrator name Administrator Name Type A string that contains A Z 0 9 and _ characters Example add mobile invitation administrator name admin show mobile invitation Description Show which mobile devices are connected Syntax show mobile invitation id id Parameters Parameter Description id id Type A number with no fractional part Int...

Page 606: ...mobile invitation SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 606 Example show mobile invitation id 1000000 ...

Page 607: ...ies R80 20 05 CLI Reference Guide 607 mobile push notification show mobile push notification Description Show mobile push notifications Syntax show mobile push notifications Parameters Parameter Description n a Example show mobile push notifications ...

Page 608: ...monitor mode network SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 608 monitor mode network ...

Page 609: ...ogy One of the options is a manual configuration of this topology using this command Syntax add monitor mode network ipv4 address ipv4 address subnet mask subnet mask Parameters Parameter Description ipv4 address Indicates a network IP address that will be recognized as Internal Type IP address subnet mask Network subnet mask Type A subnet mask or 255 255 255 255 Example add monitor mode network i...

Page 610: ...IP addresses that determine the local networks in monitor mode when not working in automatic detection mode Syntax delete monitor mode network ipv4 address ipv4 address Parameters Parameter Description ipv4 address Indicates a network IP address that will be recognized as Internal Type IP address Example delete monitor mode network ipv4 address 192 168 1 1 ...

Page 611: ...e interface inspection Syntax set monitor mode network ipv4 address ipv4 address ipv4 address ipv4 address subnet mask subnet mask Parameters Parameter Description ipv4 address Indicates a network IP address that will be recognized as Internal Type IP address subnet mask Network subnet mask Type A subnet mask or 255 255 255 255 Example set monitor mode network ipv4 address 192 168 1 1 ipv4 address...

Page 612: ...ies R80 20 05 CLI Reference Guide 612 show monitor mode networks Description Shows manually defined local networks for monitor mode configuration Syntax show monitor mode networks Parameters Parameter Description n a Example show monitor mode networks ...

Page 613: ...monitor mode configuration SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 613 monitor mode configuration ...

Page 614: ...ction Determines if locally managed networks will be automatically detected or manually configured Syntax set monitor mode configuration use defined networks use defined networks Parameters Parameter Description use defined networks Indicates if user defined internal networks are used for Monitor mode Type Boolean true false Example set monitor mode configuration use defined networks true ...

Page 615: ...e Series R80 20 05 CLI Reference Guide 615 show monitor mode configuration Description Shows monitor mode configuration for interfaces Syntax show monitor mode configuration Parameters Parameter Description n a Example show monitor mode configuration ...

Page 616: ...message SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 616 message ...

Page 617: ...essage type on off line msgvalue msgvalue Parameters Parameter Description msgvalue Indicates the banner messages text Type virtual status Indicates if a banner message for SSH login will appear Type Boolean true false type Indicates the type of the message only banner supported Options motd banner caption Example set message motd true line msgvalue My Banner message ...

Page 618: ...show message SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 618 show message Shows banner message for the ssh login ...

Page 619: ...eference Guide 619 show message Description Shows banner message for the ssh login Syntax show message type Parameters Parameter Description type Indicates the type of the message only banner supported Options motd banner caption Example show message motd ...

Page 620: ...Reference Guide 620 show memory usage Description Shows the amount of memory that is being used Syntax show memory usage Parameters Parameter Description n a Example show memory usage Output Success shows used memory Failure shows an appropriate error message ...

Page 621: ...nat SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 621 nat ...

Page 622: ...set nat SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 622 set nat Configures general NAT policy settings ...

Page 623: ...ll be hidden by default behind the external IP addresses of the gateway Syntax set nat hide internal networks hide internal networks Parameters Parameter Description hide internal networks Hide internal networks behind the Gateway s external IP address Type Boolean true false Example set nat hide internal networks true ...

Page 624: ...uide 624 set nat Description Configures advanced NAT policy settings Syntax set nat advanced settings nat destination client side nat destination client side Parameters Parameter Description n a Example set nat advanced settings nat destination client side true ...

Page 625: ...05 CLI Reference Guide 625 set nat Description Configures advanced NAT policy settings Syntax set nat advanced settings arp proxy merge arp proxy merge Parameters Parameter Description n a Example set nat advanced settings arp proxy merge true ...

Page 626: ...20 05 CLI Reference Guide 626 set nat Description Configures advanced NAT policy settings Syntax set nat advanced settings address trans address trans Parameters Parameter Description n a Example set nat advanced settings address trans true ...

Page 627: ...CLI Reference Guide 627 set nat Description Configures advanced NAT policy settings Syntax set nat advanced settings nat automatic arp nat automatic arp Parameters Parameter Description n a Example set nat advanced settings nat automatic arp true ...

Page 628: ...t nat Description Configures advanced NAT policy settings Syntax set nat advanced settings nat destination client side manual nat destination client side manual Parameters Parameter Description n a Example set nat advanced settings nat destination client side manual true ...

Page 629: ...20 05 CLI Reference Guide 629 set nat Description Configures advanced NAT policy settings Syntax set nat advanced settings nat hash size nat hash size Parameters Parameter Description n a Example set nat advanced settings nat hash size 1024 ...

Page 630: ...ference Guide 630 set nat Description Configures advanced NAT policy settings Syntax set nat advanced settings nat cache num entries nat cache num entries Parameters Parameter Description n a Example set nat advanced settings nat cache num entries 100 ...

Page 631: ...s R80 20 05 CLI Reference Guide 631 set nat Description Configures advanced NAT policy settings Syntax set nat advanced settings nat limit nat limit Parameters Parameter Description n a Example set nat advanced settings nat limit 100 ...

Page 632: ...rence Guide 632 set nat Description Configures advanced NAT policy settings Syntax set nat advanced settings increase hide capacity increase hide capacity Parameters Parameter Description n a Example set nat advanced settings increase hide capacity true ...

Page 633: ...Reference Guide 633 set nat Description Configures advanced NAT policy settings Syntax set nat advanced settings nat cache expiration nat cache expiration Parameters Parameter Description n a Example set nat advanced settings nat cache expiration 100 ...

Page 634: ...e Guide 634 set nat Description Configures advanced NAT policy settings Syntax set nat advanced settings perform cluster hide fold perform cluster hide fold Parameters Parameter Description n a Example set nat advanced settings perform cluster hide fold true ...

Page 635: ...2Gw ip pool gw2Gw ip pool unused return interval ip pool unused return interval log ip pool allocation log ip pool allocation ip pool mode ip pool mode ip pool alloc per destination ip pool alloc per destination Parameters Parameter Description n a Example set nat advanced settings ip pool nat ip pool securemote true ip pool log none ip pool per interface true ip pool override hide true ip pool gw...

Page 636: ...show nat SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 636 show nat Shows NAT policy ...

Page 637: ...show nat SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 637 show nat Description Shows NAT policy Syntax show nat Parameters Parameter Description n a Example show nat ...

Page 638: ...0 Appliance Series R80 20 05 CLI Reference Guide 638 show nat Description Shows advanced settings for NAT policy Syntax show nat advanced settings Parameters Parameter Description n a Example show nat advanced settings ...

Page 639: ...nat rule SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 639 nat rule ...

Page 640: ...me Parameters Parameter Description comment Comment for manual NAT rule Type A string that contains less than 257 characters of this set 0 9 a z or enable arp proxy The gateway will reply to ARP requests sent to the original destination s IP address Does not apply to IP ranges networks Type Boolean true false hide sources Hide multiple sources behind the translated source addresses Type Boolean tr...

Page 641: ...nslated destination Translated destination of rule translated service Translated service of rule translated source Translated source of rule Example add nat rule original source TEXT original destination TEXT original service TEXT translated source TEXT translated destination TEXT translated service TEXT comment This is a comment hide sources true enable arp proxy true position 2 name word ...

Page 642: ...ce Guide 642 delete nat rule Description Deletes a manually configured NAT rule by name Syntax delete nat rule name name Parameters Parameter Description name name Type A string of alphanumeric characters without space between them Example delete nat rule name word ...

Page 643: ...tion below position below name name disabled disabled Parameters Parameter Description comment Comment for manual NAT rule Type A string that contains less than 257 characters of this set 0 9 a z or disabled Indicates if rule is disabled Type Boolean true false enable arp proxy The gateway will reply to ARP requests sent to the original destination s IP address Does not apply to IP ranges networks...

Page 644: ... order of the rule in comparison to other manual rules Type Decimal number translated destination Translated destination of rule translated service Translated service of rule translated source Translated source of rule Example set nat rule name word original source TEXT original destination TEXT original service TEXT translated source TEXT translated destination TEXT translated service TEXT commen...

Page 645: ...eference Guide 645 show nat rule Description Shows the name or position of a specific NAT rule Includes auto generated rules Syntax show nat rule name name show nat rule position position Parameters Parameter Description n a Example show nat rule name word ...

Page 646: ...ance Series R80 20 05 CLI Reference Guide 646 show nat rules Description Shows configuration of all manually and auto generated NAT rules Syntax show nat rules Parameters Parameter Description n a Example show nat rules position 2 ...

Page 647: ...uide 647 show nat manual rules Description Shows configuration of manual NAT rules by name or position Syntax show nat manual rules name name show nat manual rules position Parameters Parameter Description name Rule name position Rule position Example show nat rule name word ...

Page 648: ...nat rule position SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 648 nat rule position ...

Page 649: ...9 delete nat rule position Description Deletes a manually configured NAT rule by position Syntax delete nat rule position position Parameters Parameter Description position The order of the rule in comparison to other manual rules Type Decimal number Example delete nat rule position 2 ...

Page 650: ...tion above position below position below name name disabled disabled Parameters Parameter Description comment Comment for manual NAT rule Type A string that contains less than 257 characters of this set 0 9 a z or disabled Indicates if rule is disabled Type Boolean true false enable arp proxy The gateway will reply to ARP requests sent to the original destination s IP address Does not apply to IP ...

Page 651: ... The order of the rule in comparison to other manual rules Type Decimal number translated destination Translated destination of rule translated service Translated service of rule translated source Translated source of rule Example set nat rule position 2 original source TEXT original destination TEXT original service TEXT translated source TEXT translated destination TEXT translated service TEXT c...

Page 652: ...netflow collector SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 652 netflow collector ...

Page 653: ...ported to each defined collector Syntax add netflow collector ip ip port port export format export format srcaddr srcaddr is enabled is enabled Parameters Parameter Description export format Export format Options Netflow_V9 Netflow_V5 ip IP address Type IP address is enabled Indicates if netflow is enabled Type Boolean true false port UDP port Type Port number srcaddr Source IP address Type IP add...

Page 654: ...tflow collector Description Deletes an existing Netflow collector object by IP address and port Syntax delete netflow collector ip ip port port Parameters Parameter Description ip IP address Type IP address port UDP port Type Port number Example delete netflow collector ip 192 168 1 1 port 8080 ...

Page 655: ...is enabled is enabled Parameters Parameter Description export format Export format Options Netflow_V9 Netflow_V5 for ip IP address Type IP address for port UDP port Type Port number ip IP address Type IP address is enabled Indicates if netflow is enabled Type Boolean true false port UDP port Type Port number srcaddr Source IP address Type IP address Example set netflow collector for ip 192 168 1 1...

Page 656: ... show netflow collector Description Shows configuration of a specific NetFlow collector Syntax show netflow collector ip ip port port Parameters Parameter Description ip IP address Type IP address port UDP port Type Port number Example show netflow collector ip 192 168 1 1 port 8080 ...

Page 657: ... Appliance Series R80 20 05 CLI Reference Guide 657 show netflow collectors Description Shows configuration of all NetFlow collectors Syntax show netflow collectors Parameters Parameter Description n a Example show netflow collectors ...

Page 658: ...network SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 658 network ...

Page 659: ... network name name network ipv4 address network ipv4 address subnet mask subnet mask mask length mask length Parameters Parameter Description mask length Mask length name Network Object name Type String network ipv4 address Network address subnet mask IP mask used in the related network Example add network name TEXT network ipv4 address 172 16 10 0 subnet mask 255 255 255 0 ...

Page 660: ...erence Guide 660 delete network Description Deletes an existing network address range object a network and a subnet mask by object name Syntax delete network name Parameters Parameter Description name Network Object name Type String Example delete network TEXT ...

Page 661: ... name network ipv4 address network ipv4 address subnet mask subnet mask mask length mask length Parameters Parameter Description mask length Mask length name Network Object name Type String network ipv4 address Network address subnet mask IP mask used in the related network Example set network TEXT name TEXT network ipv4 address 172 16 10 0 subnet mask 255 255 255 0 ...

Page 662: ... R80 20 05 CLI Reference Guide 662 show network Description Shows configuration of a specific IP address network object Syntax show network name Parameters Parameter Description name Network Object name Type String Example show network TEXT ...

Page 663: ...B 1500 Appliance Series R80 20 05 CLI Reference Guide 663 show networks Description Shows configuration of all IP address network objects Syntax show networks Parameters Parameter Description n a Example show networks ...

Page 664: ...og SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 664 show notifications log Description Show the notification logs Syntax show notifications log Parameters Parameter Description n a Example show notifications log ...

Page 665: ...notifications policy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 665 notifications policy These commands are relevant for notifications policy ...

Page 666: ...Parameters Parameter Description send detailed push notifications Notification previews may contain information about your network Turning it off means that the security gateway removes this information from the push notification Type Boolean true false send push notifications Indicates whether notifications are sent to mobile application Type Boolean true false send cloud notifications Enable sen...

Page 667: ...ns policy Description Configure the policy for sending notifications to the user Syntax set notifications policy advanced settings limit push notifications limit push notifications Parameters Parameter Description n a Example set notifications policy advanced settings limit push notifications 1000000 ...

Page 668: ...tions policy Description Configure the policy for sending notifications to the user Syntax set notifications policy advanced settings send push notifications send push notifications Parameters Parameter Description n a Example set notifications policy advanced settings send push notifications true ...

Page 669: ...ance Series R80 20 05 CLI Reference Guide 669 show notifications policy Description Show the policy for sending notifications to the user Syntax show notifications policy Parameters Parameter Description n a Example show notifications policy ...

Page 670: ... 05 CLI Reference Guide 670 show notifications policy Description Show the policy for sending notifications to the user Syntax show notifications policy advanced settings Parameters Parameter Description n a Example show notifications policy advanced settings ...

Page 671: ...ntp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 671 ntp ...

Page 672: ...set ntp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 672 set ntp Configures NTP settings ...

Page 673: ...local time zone local time zone auto adjust daylight saving auto adjust daylight saving Parameters Parameter Description auto adjust daylight saving Auto daylight Options on off local time zone Region on earth that has a uniform standard time Example set ntp local time zone GMT 11 00 Midway Island auto adjust daylight saving on ...

Page 674: ... 05 CLI Reference Guide 674 set ntp Description Enables Disables NTP functionality Syntax set ntp active active Parameters Parameter Description active Region on earth that has a uniform standard time Options on off Example set ntp active on ...

Page 675: ... set ntp Description Configures NTP settings Syntax set ntp interval interval Parameters Parameter Description interval Time interval minutes to update date and time settings from the NTP server Type A number with no fractional part integer Example set ntp interval 15 ...

Page 676: ...on auth Authentication with NTP servers flag Type Press TAB to see available options secret Key string for authentication with the NTP servers Type A string that contains alphanumeric and special characters secret id Authentication key identifier Type A number with no fractional part Values are between 4 503 599 627 370 495 to 4 503 599 627 370 495 Example set ntp auth on secret id 455397 secret a...

Page 677: ...show ntp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 677 show ntp Description Shows NTP configuration Syntax show ntp Parameters Parameter Description n a Example show ntp ...

Page 678: ...p active SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 678 show ntp active Description Shows NTP activation status Syntax show ntp active Parameters Parameter Description n a Example show ntp active ...

Page 679: ...ntp server SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 679 ntp server ...

Page 680: ...set ntp server SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 680 set ntp server Configures NTP server settings ...

Page 681: ...ference Guide 681 set ntp server Description Configures primary NTP server s IP address Syntax set ntp server primary primary Parameters Parameter Description primary Primary NTP server Type An IP address or host name Example set ntp server primary myHost com ...

Page 682: ...e Guide 682 set ntp server Description Configures secondary NTP server s IP address Syntax set ntp server secondary secondary Parameters Parameter Description secondary Secondary NTP server Type An IP address or host name Example set ntp server secondary myHost com ...

Page 683: ...ervers SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 683 show ntp servers Description Shows all defined NTP servers Syntax show ntp servers Parameters Parameter Description n a Example show ntp servers ...

Page 684: ...periodic backup SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 684 periodic backup ...

Page 685: ...tional part integer day of week Day of the week to backup Options sunday monday tuesday wednesday thursday friday saturday encryption password Encryption password Type A string that contains alphanumeric and special characters file encryption Choose whether to encrypt the backup data Type Boolean true false hour Scheduled backup hour The backup will be performed during this hour Type A number with...

Page 686: ... server username Backup server username Type A string that contains 0 9 a z up to 64 characters without spaces Example set periodic backup mode true server address backupUrl server username admin server password a 7Ba file encryption true encryption password a 7Ba schedule monthly day of month 2 hour 2 ...

Page 687: ...SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 687 show periodic backup Description Shows periodic backup configuration Syntax show periodic backup Parameters Parameter Description n a Example show periodic backup ...

Page 688: ...ables or enables first time configuration from the USB autoplay configuration or the WebUI Syntax set property USB_auto_configuration always once off first time wizard always once Parameters Parameter Description n a Example n set property USB_auto_configuration off n set property first time wizard off ...

Page 689: ...privacy settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 689 privacy settings ...

Page 690: ...n Advanced Settings select if the customer consents to sending diagnostic data to Check Point Syntax set privacy settings advanced settings customer consent customer consent Parameters Parameter Description customer consent Type Boolean true false Example set privacy settings advanced settings customer consent true ...

Page 691: ...1 show privacy settings Description In Advanced Settings show if the customer consents to sending diagnostic data Syntax show privacy settings advanced settings Parameters Parameter Description n a Example show privacy settings advanced settings Sample Output customer consent true ...

Page 692: ...proxy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 692 proxy ...

Page 693: ...SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 693 delete proxy Description Deletes configured proxy settings for the appliance Syntax delete proxy Parameters Parameter Description n a Example delete proxy ...

Page 694: ...set proxy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 694 set proxy Configures proxy settings for connecting with Check Point update and license servers ...

Page 695: ...cting with Check Point update and license servers when the device is located behind a proxy server Syntax set proxy server server port port Parameters Parameter Description port The proxy port Type Port number server The proxy Host name or IP address Type An IP address or host name Example set proxy server myHost com port 8080 ...

Page 696: ...oxy configuration for the device Syntax set proxy enable disable Parameters Parameter Description use proxy A proxy server between the appliance and the Internet This proxy server will be used when the appliance s internal processes must reach a Check Point server Type Boolean true false Example set proxy true ...

Page 697: ...show proxy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 697 show proxy Description Shows proxy configuration Syntax show proxy Parameters Parameter Description n a Example show proxy ...

Page 698: ...qos SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 698 qos ...

Page 699: ...set qos SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 699 set qos Configures QoS policy ...

Page 700: ...ries R80 20 05 CLI Reference Guide 700 set qos Description Enables Disables the QoS Syntax set qos mode mode Parameters Parameter Description mode Indicates if QoS blade is enabled Type Boolean true false Example set qos mode true ...

Page 701: ...rcentage guarantee bandwidth percentage guarantee bandwidth traffic guarantee bandwidth traffic guarantee bandwidth on services guarantee bandwidth on services ensure low latency for delay sensitive services ensure low latency for delay sensitive services Parameters Parameter Description n a Example set qos default policy limit bandwidth consuming applications true limit upload traffic true upload...

Page 702: ... 702 set qos Description Configures advanced QoS settings Syntax set qos low latency traffic maximum percentage of bandwidth maximum percentage of bandwidth Parameters Parameter Description n a Example set qos low latency traffic maximum percentage of bandwidth 80 ...

Page 703: ...s R80 20 05 CLI Reference Guide 703 set qos Description Configures advanced QoS settings Syntax set qos advanced settings qos logging qos logging Parameters Parameter Description n a Example set qos advanced settings qos logging true ...

Page 704: ...show qos SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 704 show qos Shows the policy of the QoS blade ...

Page 705: ...show qos SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 705 show qos Description Shows the policy of the QoS blade Syntax show qos Parameters Parameter Description n a Example show qos ...

Page 706: ... Appliance Series R80 20 05 CLI Reference Guide 706 show qos Description Shows advanced settings of the QoS blade Syntax show qos advanced settings Parameters Parameter Description n a Example show qos advanced settings ...

Page 707: ...qos delay sensitive service SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 707 qos delay sensitive service ...

Page 708: ...set qos delay sensitive service SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 708 set qos delay sensitive service Configures a default used group of services that are delay sensitive ...

Page 709: ...os delay sensitive service Description Adds an existing service object to the default group of services that are delay sensitive Syntax set qos delay sensitive service add service service Parameters Parameter Description service Service name Example set qos delay sensitive service add service TEXT ...

Page 710: ...lay sensitive service Description Removes an existing service object from the default group of services that are delay sensitive Syntax set qos delay sensitive service remove service service Parameters Parameter Description service Service name Example set qos delay sensitive service remove service TEXT ...

Page 711: ...80 20 05 CLI Reference Guide 711 show qos delay sensitive services Description Shows the group of services that are considered delay sensitive Syntax show qos delay sensitive services Parameters Parameter Description n a Example show qos delay sensitive services ...

Page 712: ...qos guarantee bandwidth selected services SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 712 qos guarantee bandwidth selected services ...

Page 713: ...lected services SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 713 set qos guarantee bandwidth selected services Configures a default used group of services that will be guaranteed bandwidth according to QoS default policy ...

Page 714: ...ces Description Adds an existing service object to the default used group of services that will be guaranteed bandwidth according to QoS default policy Syntax set qos guarantee bandwidth selected services add service service Parameters Parameter Description service Service name Example set qos guarantee bandwidth selected services add service TEXT ...

Page 715: ...escription Removes an existing service object from the default used group of services that will be guaranteed bandwidth according to QoS default policy Syntax set qos guarantee bandwidth selected services remove service service Parameters Parameter Description service Service name Example set qos guarantee bandwidth selected services remove service TEXT ...

Page 716: ...uide 716 show qos guarantee bandwidth selected services Description Shows the group of services that can be guaranteed bandwidth in the QoS default policy Syntax show qos guarantee bandwidth selected services Parameters Parameter Description n a Example show qos guarantee bandwidth selected services ...

Page 717: ...qos rule SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 717 qos rule ...

Page 718: ...iffserv mark val false name name position position position above position above position below position below Parameters Parameter Description comment Description of the rule Type A string that contains less than 257 characters of this set 0 9 a z or destination Network object that is the target of the connection diffserv mark DiffServ Mark is a way to mark connections so a third party will handl...

Page 719: ...atency of the rule low or normal Type Press TAB to see available options name name Type A string of alphanumeric characters without space between them position The order of the rule in comparison to other manual rules Type Decimal number position above The order of the rule in comparison to other manual rules Type Decimal number position below The order of the rule in comparison to other manual ru...

Page 720: ...on TEXT service TEXT low latency rule normal limit bandwidth true limit percentage 15 guarantee bandwidth true guarantee percentage 30 weight 30 log none comment This is a comment vpn true hours range enabled true hours range from 23 20 hours range to 23 20 diffserv mark true diffserv mark val 5 name word position 2 ...

Page 721: ...delete qos rule SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 721 delete qos rule Deletes an existing bandwidth latency control rule in the QoS Rule Base ...

Page 722: ...te qos rule Description Deletes an existing bandwidth latency control rule in the QoS Rule Base by idx Syntax delete qos rule idx idx Parameters Parameter Description idx The order of the rule in comparison to other manual rules Type Decimal number Example delete qos rule idx 3 141 ...

Page 723: ...te qos rule Description Deletes an existing bandwidth latency control rule in the QoS Rule Base by name Syntax delete qos rule name name Parameters Parameter Description name name Type A string of alphanumeric characters without space between them Example delete qos rule name word ...

Page 724: ...set qos rule SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 724 set qos rule Configures an existing bandwidth latency control rule within the QoS blade policy ...

Page 725: ... true diffserv mark val diffserv mark val false name name position position position above position above position below position below disabled disabled Parameters Parameter Description comment Description of the rule Type A string that contains less than 257 characters of this set 0 9 a z or destination Network object that is the target of the connection diffserv mark DiffServ Mark is a way to m...

Page 726: ...imit percentage Traffic limit percentage Type A number with no fractional part integer log Defines which logging method to use None do not log Log Create log Options none log low latency rule The latency of the rule low or normal Type Press TAB to see available options name name Type A string of alphanumeric characters without space between them position The order of the rule in comparison to othe...

Page 727: ...ed for other rules Type A number with no fractional part integer Example set qos rule idx 3 141 source TEXT destination TEXT service TEXT low latency rule normal limit bandwidth true limit percentage 80 guarantee bandwidth true guarantee percentage 80 weight 15 log none comment This is a comment vpn true hours range enabled true hours range from 23 20 hours range to 23 20 diffserv mark true diffse...

Page 728: ...k true diffserv mark val diffserv mark val false name name position position position above position above position below position below disabled disabled Parameters Parameter Description comment Description of the rule Type A string that contains less than 257 characters of this set 0 9 a z or destination Network object that is the target of the connection diffserv mark DiffServ Mark is a way to ...

Page 729: ...Defines which logging method to use None do not log Log Create log Options none log low latency rule The latency of the rule low or normal Type Press TAB to see available options name name Type A string of alphanumeric characters without space between them position The order of the rule in comparison to other manual rules Type Decimal number position above The order of the rule in comparison to ot...

Page 730: ...l part integer Example set qos rule name word source TEXT destination TEXT service TEXT low latency rule normal limit bandwidth true limit percentage 80 guarantee bandwidth true guarantee percentage 80 weight 15 log none comment This is a comment vpn true hours range enabled true hours range from 23 20 hours range to 23 20 diffserv mark true diffserv mark val 5 name word position 2 disabled true ...

Page 731: ...show qos rule SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 731 show qos rule Shows configuration of QoS bandwidth latency control rules ...

Page 732: ...configuration of a QoS rule by ID Syntax show qos rule idx idx Parameters Parameter Description idx The order of the rule in comparison to other manual rules Type Decimal number position The order of the rule in comparison to other manual rules Type Decimal number Example show qos rule idx 3 141 position 2 ...

Page 733: ...configuration of a QoS rule by name Syntax show qos rule name name Parameters Parameter Description name name Type A string of alphanumeric characters without space between them position The order of the rule in comparison to other manual rules Type Decimal number Example show qos rule name word position 2 ...

Page 734: ...os rules Description Shows configuration of a QoS rule by position Syntax show qos rules position position Parameters Parameter Description position The order of the generated rules in the QoS Rule Base Type A number with no fractional part integer Example show qos rules position 2 ...

Page 735: ...radius server SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 735 radius server ...

Page 736: ...s server Description Deletes an existing configured RADIUS server Syntax delete radius server priority priority Parameters Parameter Description priority Priority of the choose tab can be primary or secondary Type A number with no fractional part integer Example delete radius server priority 1 ...

Page 737: ... tab can be primary or secondary Type A number with no fractional part integer shared secret Pre shared secret between the RADIUS server and the Appliance Type A string that contains alphanumeric and special characters timeout A timeout value in seconds for communication with the RADIUS server Type A number with no fractional part integer udp port The port number through which the RADIUS server co...

Page 738: ...us server Description Shows the configuration of a RADIUS server Syntax show radius server priority priority Parameters Parameter Description priority Priority of the choose tab can be primary or secondary Type A number with no fractional part integer Example show radius server priority 1 ...

Page 739: ...1500 Appliance Series R80 20 05 CLI Reference Guide 739 show radius servers Description Shows the configuration of all RADIUS servers Syntax show radius servers Parameters Parameter Description n a Example show radius servers ...

Page 740: ...reach my device SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 740 reach my device ...

Page 741: ...vice SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 741 set reach my device Configures the Reach my device service which enables connecting to the device s management portal even when the device is behind NAT ...

Page 742: ...e validation token validation token false Parameters Parameter Description existing host name Register with an existing host name Type Boolean true false host name Gateway Host name DNS Prefix Type A string of alphanumeric characters without space between them mode Reach my device mode on off Type Boolean true false validation token Gateway validation token Type A string of alphanumeric characters...

Page 743: ... advanced settings of the Reach my device service which enables connecting to the device s management portal even when the device is behind NAT Syntax set reach my device advanced settings ignore ssl cert ignore ssl cert Parameters Parameter Description n a Example set reach my device advanced settings ignore ssl cert true ...

Page 744: ...ach my device service which enables connecting to the device s management portal even when the device is behind NAT Syntax set reach my device advanced settings reach my device server addr reach my device server addr Parameters Parameter Description n a Example set reach my device advanced settings reach my device server addr http www checkpoint com ...

Page 745: ...show reach my device SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 745 show reach my device Shows the configuration of Reach My Device cloud service ...

Page 746: ...ppliance Series R80 20 05 CLI Reference Guide 746 show reach my device Description Shows the configuration of Reach My Device cloud service Syntax show reach my device Parameters Parameter Description n a Example show reach my device ...

Page 747: ...0 20 05 CLI Reference Guide 747 show reach my device Description Shows advanced settings of Reach My Device cloud service Syntax show reach my device advanced settings Parameters Parameter Description n a Example show reach my device advanced settings ...

Page 748: ...oups true radius groups radius groups false false Parameters Parameter Description radius auth Remote users RADIUS authentication Type Boolean true false radius groups RADIUS groups for authentication Example RADIUS group1 RADIUS class2 Type A string that contains A Z 0 9 _ and space characters use radius groups Use RADIUS groups for authentication Type Boolean true false Example set remote access...

Page 749: ...R80 20 05 CLI Reference Guide 749 show remote access users radius auth Description Shows RADIUS based users VPN remote access configuration Syntax show remote access users radius auth Parameters Parameter Description n a Example show remote access users radius auth ...

Page 750: ...reboot SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 750 reboot Description Reboots the system Syntax reboot Parameters Parameter Description n a Example reboot ...

Page 751: ... can be located on a USB device or on a TFTP server Syntax restore settings from usb tftp server serverIP filename file_name Parameters Parameter Description file_name Name of the backup file serverIP IPv4 address of the TFTP server Example restore settings from tftp server 1 1 1 1 filename sg80 Comments The appliance automatically reboots after the settings are restored ...

Page 752: ...display these restore settings log files n restore settings log Log file for restoring saved settings n restore default settings log Log file for restoring the default settings Syntax show restore settings log restore default settings log Parameters Parameter Description n a Example show restore settings log Output Success shows the restore settings log file Failure shows an appropriate error mess...

Page 753: ...erence Guide 753 show revert log Description Shows the log file of previous revert operations Syntax show revert log Parameters Parameter Description n a Example show revert log Output Success shows the revert log file Failure shows an appropriate error message ...

Page 754: ...vert the appliance to the original factory defaults This command deletes all data and software images from the appliance Syntax revert to factory defaults Parameters Parameter Description n a Example revert to factory defaults Output Success shows a warning message Enter yesto continue Failure shows an appropriate error message ...

Page 755: ...nce Guide 755 revert to saved image Description Reverts the appliance to the previous software image Syntax revert to previous image Parameters Parameter Description n a Example revert to previous image Output Success shows OK Failure shows an appropriate error message ...

Page 756: ...report settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 756 report settings ...

Page 757: ...set report settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 757 set report settings Configure local reports settings ...

Page 758: ...et report settings Description Configure advanced local reports settings Syntax set report settings advanced settings centrally max period centrally max period Parameters Parameter Description n a Example set report settings advanced settings centrally max period report period hour ...

Page 759: ...9 set report settings Description Configure advanced local reports settings Syntax set report settings advanced settings locally max period locally max period Parameters Parameter Description n a Example set report settings advanced settings locally max period report period hour ...

Page 760: ... R80 20 05 CLI Reference Guide 760 show report settings Description Shows report scheduling and creation configuration Syntax show report settings advanced settings Parameters Parameter Description n a Example show report settings advanced settings ...

Page 761: ...wall policy rule hits Syntax show rule hits top rule Parameters Parameter Description rule Number of rules in the security policy that are displayed Minimum value i 1 Return Value 0 on success 1 on failure Example show rule hits top 3 Output Success shows number of hits per rule Failure shows an appropriate error message ...

Page 762: ...ce Guide 762 show saved image Description Shows information about the saved backup image Syntax show saved image Parameters Parameter Description n a Example show saved image Output Success shows information about the image Failure shows an appropriate error message ...

Page 763: ...1500 Appliance Series R80 20 05 CLI Reference Guide 763 update security blades Description Manually update Software Blades Syntax update security blades all Parameters Parameter Description n a Example update security blades all ...

Page 764: ...security management SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 764 security management ...

Page 765: ...ide mgmt addr Indicates if the management address used in the next manual fetch command will be saved and continuously used instead of the address downloaded in the policy Type Boolean true false mgmt addr The IP address or hostname of the Security Management Server Type An IP address or host name send logs to Indicates from where the address of the log server is taken Type Press TAB to see availa...

Page 766: ...set security management SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 766 set security management Configures settings to connect to a remote Security Management Server and log server ...

Page 767: ... Description addr The logs are sent to this address Type An IP address or host name local override mgmt addr Indicates if the management address used in the next manual fetch command will be saved and continuously used instead of the address downloaded in the policy Type Boolean true false mgmt address IP address or hostname of the Security Management Server Type An IP address or host name send lo...

Page 768: ...s only the networking configurations are available and the security policy comes from the remote Security Management Server Syntax set security management mode mode Parameters Parameter Description mode Indicates whether the appliance is managed locally or centrally using a Check Point Security Management Server Options locally managed centrally managed Example set security management mode locally...

Page 769: ...ppliance Series R80 20 05 CLI Reference Guide 769 show security management Description Shows settings of the Security Management Server Syntax show security management Parameters Parameter Description n a Example show security management ...

Page 770: ...serial port SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 770 serial port ...

Page 771: ...set serial port SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 771 set serial port Configures the physical serial port settings ...

Page 772: ...escription disabled Indicates if the serial port is disabled flow control Indicates the method of data flow control to and from the serial port mode Indicates if the serial port is used to connect to the appliance s console a remote telnet server or allow a remote telnet connection to the device connected to the serial port port speed Indicates the port speed Baud Rate of the serial connection Exa...

Page 773: ...ures the physical serial port as a relay to which incoming TELNET traffic on a configured port will be redirected Syntax set serial port passive mode tcp port tcp port allow implicitly allow implicitly Parameters Parameter Description n a Example set serial port passive mode tcp port 8080 allow implicitly true ...

Page 774: ...o outgoing connection to a remote TELNET server Syntax set serial port active mode tcp port tcp port primary server address primary server address secondary server address secondary server address Parameters Parameter Description n a Example set serial port active mode tcp port 8080 primary server address myHost com secondary server address myHost com ...

Page 775: ...arameter Description disabled Indicates if the 9 PIN serial port is disabled flow control Indicates the method of data flow control to and from the 9 PIN serial port mode Indicates if the 9 PIN serial port can be used by a remote telnet server or allow a remote telnet connection to the device connected to the serial port port speed Indicates the 9 PIN port speed Baud Rate of the serial connection ...

Page 776: ...ial port nine pin Description Configure the settings for the 9 PIN serial port Syntax set serial port nine pin passive mode tcp port tcp port allow implicitly allow implicitly Parameters Parameter Description n a Example set serial port nine pin passive mode tcp port 8080 allow implicitly true ...

Page 777: ...or the 9 PIN serial port Syntax set serial port nine pin active mode tcp port tcp port primary server address primary server address secondary server address secondary server address Parameters Parameter Description n a Example set serial port nine pin active mode tcp port 8080 primary server address myHost com secondary server address myHost com ...

Page 778: ...t SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 778 show serial port Description Shows configuration for the serial port Syntax show serial port Parameters Parameter Description n a Example show serial port ...

Page 779: ...Appliance Series R80 20 05 CLI Reference Guide 779 show serial port nine pin Description Show the settings for the 9 PIN serial port Syntax show serial port nine pin Parameters Parameter Description n a Example show serial port nine pin ...

Page 780: ...server SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 780 server ...

Page 781: ... Comments Type A string that contains less than 257 characters of this set 0 9 a z or dhcp exclude ip addr Indicates if the internal DHCP service will not distribute the configured IP address of this server network object to anyone Type Press TAB to see available options dhcp reserve ip addr to mac Indicates if the internal DHCP service will distribute the configured IP address only to this server...

Page 782: ...Protocol tcpProtocol Type Boolean true false udp ports UDP ports for server of type other Type Port range udpProtocol udpProtocol Type Boolean true false Example add server name myObject_17 ipv4 address 192 168 1 1 dhcp exclude ip addr on dhcp reserve ip addr to mac on mac addr 00 1C 7F 21 05 BE comments This is a comment dns resolving true type web server ...

Page 783: ...e server Description Deletes an existing server object Syntax delete server name Parameters Parameter Description name Server object name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example delete server myObject_17 ...

Page 784: ... Description Shows configuration of an existing server object Syntax show server name Parameters Parameter Description name Server object name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example show server myObject_17 ...

Page 785: ...rs SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 785 show servers Description Shows the configuration of all server objects Syntax show servers Parameters Parameter Description n a Example show servers ...

Page 786: ...service details SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 786 service details ...

Page 787: ...et device details hostname hostname country country Parameters Parameter Description country The country where you are located The country configured for the WLAN Options country hostname The appliance name used to identify the gateway Type A string that contains A Z 0 9 and characters Example set device details hostname My appliance country albania ...

Page 788: ... 1500 Appliance Series R80 20 05 CLI Reference Guide 788 show device details Description Shows configuration of basic device details Syntax show device details Parameters Parameter Description n a Example show device details ...

Page 789: ...service group SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 789 service group ...

Page 790: ...arameter Description comments Comments and explanation about the Service Group Type A string that contains less than 257 characters of this set 0 9 a z or member An association field for the contained services name Service Group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example add service group name myObject_17 comments This...

Page 791: ...ion Deletes an existing group object for service objects by object name Syntax delete service group name Parameters Parameter Description name Service Group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example delete service group myObject_17 ...

Page 792: ...set service group SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 792 set service group Configures an existing service objects group ...

Page 793: ...nd explanation about the Service Group Type A string that contains less than 257 characters of this set 0 9 a z or name Service Group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces new name Service Group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set s...

Page 794: ...vice objects from an existing service objects group Syntax set service group name remove all members Parameters Parameter Description name Service Group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set service group myObject_17 remove all members ...

Page 795: ... object to an existing service objects group Syntax set service group name add member member Parameters Parameter Description member Service name name Service Group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set service group myObject_17 add member TEXT ...

Page 796: ...bject from an existing service objects group Syntax set service group name remove member member Parameters Parameter Description member Service name name Service Group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example set service group myObject_17 remove member TEXT ...

Page 797: ...oup Description Shows the content of a service object group Syntax show service group name Parameters Parameter Description name Service Group name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces Example show service group myObject_17 ...

Page 798: ...1500 Appliance Series R80 20 05 CLI Reference Guide 798 show service groups Description Shows the content of all service object groups Syntax show service groups Parameters Parameter Description n a Example show service groups ...

Page 799: ...service icmp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 799 service icmp ...

Page 800: ... comments Parameters Parameter Description comments Comments and explanation about the service Type A string that contains less than 257 characters of this set 0 9 a z or icmp code ICMP code Type A number with no fractional part integer icmp type ICMP message type Type A number with no fractional part integer name Service name Type String Example add service icmp name TEXT icmp code 2 icmp type 5 ...

Page 801: ... R80 20 05 CLI Reference Guide 801 delete service icmp Description Deletes an existing ICMP type service object by name Syntax delete service icmp name Parameters Parameter Description name Service name Type String Example delete service icmp TEXT ...

Page 802: ...mments comments Parameters Parameter Description comments Comments and explanation about the service Type A string that contains less than 257 characters of this set 0 9 a z or icmp code ICMP code Type A number with no fractional part integer icmp type ICMP message type Type A number with no fractional part integer name Service name Type String Example set service icmp TEXT name TEXT icmp code 2 i...

Page 803: ...0 20 05 CLI Reference Guide 803 show service icmp Description Shows the configuration of a specific ICMP type service object Syntax show service icmp name Parameters Parameter Description name Service name Type String Example show service icmp TEXT ...

Page 804: ...protocol name name ip protocol ip protocol comments comments Parameters Parameter Description comments Comments and explanation about the service Type A string that contains less than 257 characters of this set 0 9 a z or ip protocol IP Protocol number Type A number with no fractional part integer name Service name Type String Example add service protocol name TEXT ip protocol 50 comments This is ...

Page 805: ...service protocol SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 805 service protocol ...

Page 806: ... R80 20 05 CLI Reference Guide 806 delete service protocol Description Deletes a non TCP UDP service object by name Syntax delete service protocol name Parameters Parameter Description name Service name Type String Example delete service protocol TEXT ...

Page 807: ...pacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out comments Comments and explanation about the service Type A string that contains less than 257 characters of this set 0 9 a z or ip protocol IP Protocol number Type A number with no fractional part integer match INSPECT expression that sea...

Page 808: ...0 05 CLI Reference Guide 808 Example set service protocol TEXT name TEXT ip protocol 50 comments This is a comment session timeout 15 accept replies true sync connections on cluster true match TEXT aggressive aging enable true aggressive aging timeout 15 ...

Page 809: ...05 CLI Reference Guide 809 show service protocol Description Shows the configuration of a specific non TCP UDP service object Syntax show service protocol name Parameters Parameter Description name Service name Type String Example show service protocol TEXT ...

Page 810: ...iance Series R80 20 05 CLI Reference Guide 810 show services protocol Description Shows the configuration of all non TCP UDP service objects Syntax show services protocol Parameters Parameter Description n a Example show services protocol ...

Page 811: ...ssible from by default accept all by default accept only from configured zones or define no server specific default access policy Manual policy rules will override this policy Type Press TAB to see available options allow ping to server Indicates if default access policy will work on ICMP traffic as well as defined ports This option will not work on multiple ports hidden behind the gateway Type Bo...

Page 812: ...lowed trusted zone vpn sites Indicates if encrypted traffic from remote VPN sites to the server is allowed or blocked by default Options blocked allowed trusted zone vpn users Indicates if encrypted traffic from VPN remote access users to the server is allowed or blocked by default Options blocked allowed Example set server server access myObject_17 access zones blocked trusted zone lan blocked tr...

Page 813: ...name Type A string that begins with a letter and contain up to 32 alphanumeric 0 9 a z _ characters without spaces nat settings Indicates the general NAT settings configured no NAT hide behind the gateway s external IP address or use a different external IP address Type Press TAB to see available options port address translation For servers with a single port indicates if the external port is not ...

Page 814: ...I Reference Guide 814 Example set server server nat settings myObject_17 nat settings static nat static nat ipv4 address 192 168 1 1 static nat for outgoing traffic true port address translation true port address translation external port 8080 force source hide nat true ...

Page 815: ... addr Indicates if the internal DHCP service will not distribute the configured IP address of this server network object to anyone Type Press TAB to see available options dhcp reserve ip addr to mac Indicates if the internal DHCP service will distribute the configured IP address only to this server network object according to its MAC address Type Press TAB to see available options dns resolving In...

Page 816: ...s R80 20 05 CLI Reference Guide 816 Example set server server network settings myObject_17 name myObject_17 dhcp exclude ip addr on dhcp reserve ip addr to mac on mac addr 00 1C 7F 21 05 BE comments This is a comment dns resolving true ipv4 address 192 168 1 1 ...

Page 817: ...tp server true service pptp selected true service pptp ports service pptp ports false false custom server true tcpProtocol tcpProtocol tcp ports tcp ports udpProtocol udpProtocol udp ports udp ports false Parameters Parameter Description citrix server Indicates a Citrix server for each type we provide default but configurable ports custom server Server type custom dns server Indicates a DNS server...

Page 818: ...ice https ports Configured ports for HTTPS for a web server service imap Indicates if ports are defined for IMAP for a mail server service imap ports Configured ports for IMAP for a web server service pop3 Indicates if ports are defined for POP3 for a mail server service pop3 ports Configured ports for POP3 for a web server service pptp ports Configured ports for PPTP for a PPTP server service ppt...

Page 819: ...e https true service https ports 8080 8090 mail server true service smtp true service smtp ports 8080 8090 service pop3 true service pop3 ports 8080 8090 service imap true service imap ports 8080 8090 dns server true service dns true service dns ports 8080 8090 ftp server true service ftp true service ftp ports 8080 8090 citrix server true service citrix true service citrix ports 8080 8090 pptp se...

Page 820: ...service system default SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 820 service system default ...

Page 821: ...able Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing connections keep connections open after policy installation True to keep connections open after policy ha...

Page 822: ...ions synchronization use source port Use source port Example set service system default Any_TCP port 8080 8090 session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster true sync delay enable true delay sync interval 15 aggressive aging enable true aggressive aging timeout 15 ...

Page 823: ...R80 20 05 CLI Reference Guide 823 show service system default Any_TCP Description Shows the settings of the built in Any_TCP service object Syntax show service system default Any_TCP Parameters Parameter Description n a Example show service system default Any_TCP ...

Page 824: ... replies are to be accepted aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out keep connections open after policy installation True to keep connections open after policy has been installed even if they are not allowed under ...

Page 825: ...uide 825 Example set service system default Any_UDP port 8080 8090 session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster true aggressive aging enable true aggressive aging timeout 15 accept replies true ...

Page 826: ...R80 20 05 CLI Reference Guide 826 show service system default Any_UDP Description Shows the settings of the built in Any_UDP service object Syntax show service system default Any_UDP Parameters Parameter Description n a Example show service system default Any_UDP ...

Page 827: ...ble aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing...

Page 828: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default CIFS port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tr...

Page 829: ...ries R80 20 05 CLI Reference Guide 829 show service system default CIFS Description Shows the settings of the built in CIFS service object Syntax show service system default CIFS Parameters Parameter Description n a Example show service system default CIFS ...

Page 830: ... enable aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchroni...

Page 831: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default Citrix port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster ...

Page 832: ...s R80 20 05 CLI Reference Guide 832 show service system default Citrix Description Shows the settings of the built in Citrix service object Syntax show service system default Citrix Parameters Parameter Description n a Example show service system default Citrix ...

Page 833: ...rvice object Syntax set service system default Citrix firewall settings protocol support protocol support Parameters Parameter Description protocol support Which protocol to support on the configured ports The default port 1494 is commonly used by two different protocols Winframe or Citrix ICA Options PROTO_TYPE WIN_FRAME PROTO_TYPE CITRIX_ICA Example set service system default Citrix firewall set...

Page 834: ...e Guide 834 show service system default Citrix firewall settings Description Shows the inspection settings of the built in Citrix service object Syntax show service system default Citrix firewall settings Parameters Parameter Description n a Example show service system default Citrix firewall settings ...

Page 835: ...replies accept replies Parameters Parameter Description accept replies Specifies if service replies are to be accepted disable inspection Disable deep inspection of traffic matching this service Type Boolean true false port Destination ports a comma separated list of ports ranges Type Port range session timeout Time in seconds before the session times out source port Source port use source port Us...

Page 836: ...ries R80 20 05 CLI Reference Guide 836 show service system default DHCP Description Shows the settings of the built in DHCP service object Syntax show service system default DHCP Parameters Parameter Description n a Example show service system default DHCP ...

Page 837: ...ng enable aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchro...

Page 838: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default DNS_TCP port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster...

Page 839: ...R80 20 05 CLI Reference Guide 839 show service system default DNS_TCP Description Shows the settings of the built in DNS_TCP service object Syntax show service system default DNS_TCP Parameters Parameter Description n a Example show service system default DNS_TCP ...

Page 840: ...cept replies accept replies Parameters Parameter Description accept replies Specifies if service replies are to be accepted disable inspection Disable deep inspection of traffic matching this service Type Boolean true false port Destination ports a comma separated list of ports ranges Type Port range session timeout Time in seconds before the session times out source port Source port use source po...

Page 841: ...R80 20 05 CLI Reference Guide 841 show service system default DNS_UDP Description Shows the settings of the built in DNS_UDP service object Syntax show service system default DNS_UDP Parameters Parameter Description n a Example show service system default DNS_UDP ...

Page 842: ...e aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing c...

Page 843: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default FTP port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tru...

Page 844: ...eries R80 20 05 CLI Reference Guide 844 show service system default FTP Description Shows the settings of the built in FTP service object Syntax show service system default FTP Parameters Parameter Description n a Example show service system default FTP ...

Page 845: ...ettings Description Configures firewall inspection settings of the built in FTP service object Syntax set service system default FTP firewall settings mode mode Parameters Parameter Description mode FTP connection mode allowed values are Any Active or Passive Options any active passive Example set service system default FTP firewall settings mode any ...

Page 846: ...erence Guide 846 show service system default FTP firewall settings Description Shows the inspection settings of the built in FTP service object Syntax show service system default FTP firewall settings Parameters Parameter Description n a Example show service system default FTP firewall settings ...

Page 847: ...nections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out disable inspection Disable deep inspection of traffic matching this service Type Boolean true false ip protocol IP Protocol number Type A number with no fractional part integer keep connections open after policy installat...

Page 848: ... Guide 848 Example set service system default GRE ip protocol 15 disable inspection true session timeout 15 accept replies true match TEXT keep connections open after policy installation true sync connections on cluster true aggressive aging enable true aggressive aging timeout 15 ...

Page 849: ...eries R80 20 05 CLI Reference Guide 849 show service system default GRE Description Shows the settings of the built in GRE service object Syntax show service system default GRE Parameters Parameter Description n a Example show service system default GRE ...

Page 850: ...ds after connection initiation to start synchronizing connections disable inspection Disable deep inspection of traffic matching this service Type Boolean true false keep connections open after policy installation True to keep connections open after policy has been installed even if they are not allowed under the new policy port Destination ports a comma separated list of ports ranges Type Port ra...

Page 851: ...ce Guide 851 Example set service system default H323 port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster true sync delay enable true delay sync interval 15 ...

Page 852: ...ries R80 20 05 CLI Reference Guide 852 show service system default H323 Description Shows the settings of the built in H323 service object Syntax show service system default H323 Parameters Parameter Description n a Example show service system default H323 ...

Page 853: ...ccept replies accept replies Parameters Parameter Description accept replies Specifies if service replies are to be accepted disable inspection Disable deep inspection of traffic matching this service Type Boolean true false port Destination ports a comma separated list of ports ranges Type Port range session timeout Time in seconds before the session times out source port Source port use source p...

Page 854: ...80 20 05 CLI Reference Guide 854 show service system default H323_RAS Description Shows the settings of the built in H323_RAS service object Syntax show service system default H323_RAS Parameters Parameter Description n a Example show service system default H323_RAS ...

Page 855: ...ble aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing...

Page 856: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default HTTP port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tr...

Page 857: ...ries R80 20 05 CLI Reference Guide 857 show service system default HTTP Description Shows the settings of the built in HTTP service object Syntax show service system default HTTP Parameters Parameter Description n a Example show service system default HTTP ...

Page 858: ...nable aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizi...

Page 859: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default HTTPS port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster t...

Page 860: ...es R80 20 05 CLI Reference Guide 860 show service system default HTTPS Description Shows the settings of the built in HTTPS service object Syntax show service system default HTTPS Parameters Parameter Description n a Example show service system default HTTPS ...

Page 861: ...e content length duplicate content length duplicate host duplicate host responses responses invalid chunk invalid chunk empty value empty value post post recursive url recursive url trailing whitespaces trailing whitespaces Parameters Parameter Description duplicate content length True to block duplicate Content Length header with same value Type Boolean true false duplicate host True to block dup...

Page 862: ... headers Type Boolean true false split url True to split the URL between the query and fragment sections instructs the HTTP protections to inspect the query and fragment sections separately Type Boolean true false strict request True to enforce strict HTTP request parsing Type Boolean true false strict response True to enforce strict HTTP response parsing Type Boolean true false tab as seperator T...

Page 863: ...Reference Guide 863 show service system default HTTP ips settings Description Shows the inspection settings of the built in HTTP service object Syntax show service system default HTTP ips settings Parameters Parameter Description n a Example show service system default HTTP ips settings ...

Page 864: ...ng over HTTPS Enables categorization over HTTPS even without full SSL inspection Syntax set service system default HTTPS url filtering settings categorize https sites categorize https sites Parameters Parameter Description categorize https sites Categorize HTTPS sites by their certificate CN Type Boolean true false Example set service system default HTTPS url filtering settings categorize https si...

Page 865: ... 865 show service system default HTTPS url filtering settings Description Shows the configuration of URL filtering categorization option over HTTPS Syntax show service system default HTTPS url filtering settings Parameters Parameter Description n a Example show service system default HTTPS url filtering settings ...

Page 866: ...ble aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing...

Page 867: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default IIOP port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tr...

Page 868: ...ries R80 20 05 CLI Reference Guide 868 show service system default IIOP Description Shows the settings of the built in IIOP service object Syntax show service system default IIOP Parameters Parameter Description n a Example show service system default IIOP ...

Page 869: ...ble aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing...

Page 870: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default IMAP port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tr...

Page 871: ...ries R80 20 05 CLI Reference Guide 871 show service system default IMAP Description Shows the settings of the built in IMAP service object Syntax show service system default IMAP Parameters Parameter Description n a Example show service system default IMAP ...

Page 872: ...ble aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing...

Page 873: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default LDAP port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tr...

Page 874: ...ries R80 20 05 CLI Reference Guide 874 show service system default LDAP Description Shows the settings of the built in LDAP service object Syntax show service system default LDAP Parameters Parameter Description n a Example show service system default LDAP ...

Page 875: ...replies accept replies Parameters Parameter Description accept replies Specifies if service replies are to be accepted disable inspection Disable deep inspection of traffic matching this service Type Boolean true false port Destination ports a comma separated list of ports ranges Type Port range session timeout Time in seconds before the session times out source port Source port use source port Us...

Page 876: ...ries R80 20 05 CLI Reference Guide 876 show service system default MGCP Description Shows the settings of the built in MGCP service object Syntax show service system default MGCP Parameters Parameter Description n a Example show service system default MGCP ...

Page 877: ...urce port accept replies accept replies Parameters Parameter Description accept replies Specifies if service replies are to be accepted disable inspection Disable deep inspection of traffic matching this service Type Boolean true false port Destination ports a comma separated list of ports ranges Type Port range session timeout Time in seconds before the session times out source port Source port u...

Page 878: ...I Reference Guide 878 show service system default NetBIOSDatagram Description Shows the settings of the built in NetBiosDatagram service object Syntax show service system default NetBIOSDatagram Parameters Parameter Description n a Example show service system default NetBIOSDatagram ...

Page 879: ...ort accept replies accept replies Parameters Parameter Description accept replies Specifies if service replies are to be accepted disable inspection Disable deep inspection of traffic matching this service Type Boolean true false port Destination ports a comma separated list of ports ranges Type Port range session timeout Time in seconds before the session times out source port Source port use sou...

Page 880: ... 05 CLI Reference Guide 880 show service system default NetBIOSName Description Shows the settings of the built in NetBiosName service object Syntax show service system default NetBIOSName Parameters Parameter Description n a Example show service system default NetBIOSName ...

Page 881: ...ng enable aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchro...

Page 882: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default NetShow port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster...

Page 883: ...R80 20 05 CLI Reference Guide 883 show service system default NetShow Description Shows the settings of the built in NetShow service object Syntax show service system default NetShow Parameters Parameter Description n a Example show service system default NetShow ...

Page 884: ...ble aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing...

Page 885: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default NNTP port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tr...

Page 886: ...ries R80 20 05 CLI Reference Guide 886 show service system default NNTP Description Shows the settings of the built in NNTP service object Syntax show service system default NNTP Parameters Parameter Description n a Example show service system default NNTP ...

Page 887: ...ble aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing...

Page 888: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default POP3 port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tr...

Page 889: ...ries R80 20 05 CLI Reference Guide 889 show service system default POP3 Description Shows the settings of the built in POP3 service object Syntax show service system default POP3 Parameters Parameter Description n a Example show service system default POP3 ...

Page 890: ...ging enable aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synch...

Page 891: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default PPTP_TCP port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluste...

Page 892: ...80 20 05 CLI Reference Guide 892 show service system default PPTP_TCP Description Shows the settings of the built in PPTP_TCP service object Syntax show service system default PPTP_TCP Parameters Parameter Description n a Example show service system default PPTP_TCP ...

Page 893: ...em default PPTP_TCP ips settings action action track track strict strict Parameters Parameter Description action Select action for PPTP connections allowed values are Accept and Block Options block accept strict True to enforce strict PPTP parsing Type Boolean true false track Select track option for PPTP connections allowed values are log alert and don t log Options none log alert Example set ser...

Page 894: ...ence Guide 894 show service system default PPTP_TCP ips settings Description Shows the inspection settings of the built in Any_TCP service object Syntax show service system default PPTP_TCP ips settings Parameters Parameter Description n a Example show service system default PPTP_TCP ips settings ...

Page 895: ... aging enable aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start syn...

Page 896: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default RealAudio port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on clust...

Page 897: ... 20 05 CLI Reference Guide 897 show service system default RealAudio Description Shows the settings of the built in RealAudio service object Syntax show service system default RealAudio Parameters Parameter Description n a Example show service system default RealAudio ...

Page 898: ...e aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing c...

Page 899: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default RSH port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tru...

Page 900: ...eries R80 20 05 CLI Reference Guide 900 show service system default RSH Description Shows the settings of the built in RSH service object Syntax show service system default RSH Parameters Parameter Description n a Example show service system default RSH ...

Page 901: ...ble aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing...

Page 902: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default RTSP port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tr...

Page 903: ...ries R80 20 05 CLI Reference Guide 903 show service system default RTSP Description Shows the settings of the built in RTSP service object Syntax show service system default RTSP Parameters Parameter Description n a Example show service system default RTSP ...

Page 904: ...ble aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing...

Page 905: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default SCCP port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tr...

Page 906: ...ries R80 20 05 CLI Reference Guide 906 show service system default SCCP Description Shows the settings of the built in SCCP service object Syntax show service system default SCCP Parameters Parameter Description n a Example show service system default SCCP ...

Page 907: ...nable aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizi...

Page 908: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default SCCPS port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster t...

Page 909: ...es R80 20 05 CLI Reference Guide 909 show service system default SCCPS Description Shows the settings of the built in SCCPS service object Syntax show service system default SCCPS Parameters Parameter Description n a Example show service system default SCCPS ...

Page 910: ...ng enable aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchro...

Page 911: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default SIP_TCP port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster...

Page 912: ...R80 20 05 CLI Reference Guide 912 show service system default SIP_TCP Description Shows the settings of the built in SIP_TCP service object Syntax show service system default SIP_TCP Parameters Parameter Description n a Example show service system default SIP_TCP ...

Page 913: ...cept replies accept replies Parameters Parameter Description accept replies Specifies if service replies are to be accepted disable inspection Disable deep inspection of traffic matching this service Type Boolean true false port Destination ports a comma separated list of ports ranges Type Port range session timeout Time in seconds before the session times out source port Source port use source po...

Page 914: ...R80 20 05 CLI Reference Guide 914 show service system default SIP_UDP Description Shows the settings of the built in SIP_UDP service object Syntax show service system default SIP_UDP Parameters Parameter Description n a Example show service system default SIP_UDP ...

Page 915: ...ble aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing...

Page 916: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default SMTP port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tr...

Page 917: ...ries R80 20 05 CLI Reference Guide 917 show service system default SMTP Description Shows the settings of the built in SMTP service object Syntax show service system default SMTP Parameters Parameter Description n a Example show service system default SMTP ...

Page 918: ...replies accept replies Parameters Parameter Description accept replies Specifies if service replies are to be accepted disable inspection Disable deep inspection of traffic matching this service Type Boolean true false port Destination ports a comma separated list of ports ranges Type Port range session timeout Time in seconds before the session times out source port Source port use source port Us...

Page 919: ...ries R80 20 05 CLI Reference Guide 919 show service system default SNMP Description Shows the settings of the built in SNMP service object Syntax show service system default SNMP Parameters Parameter Description n a Example show service system default SNMP ...

Page 920: ...efault SNMP firewall settings Description Additional configuration for SNMP service Syntax set service system default SNMP firewall settings read only read only Parameters Parameter Description read only True to enforce read only mode Type Boolean true false Example set service system default SNMP firewall settings read only true ...

Page 921: ...ence Guide 921 show service system default SNMP firewall settings Description Shows the inspection settings of the built in SNMP service object Syntax show service system default SNMP firewall settings Parameters Parameter Description n a Example show service system default SNMP firewall settings ...

Page 922: ... enable aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchroni...

Page 923: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default SQLNet port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster ...

Page 924: ...s R80 20 05 CLI Reference Guide 924 show service system default SQLNet Description Shows the settings of the built in SQLNet service object Syntax show service system default SQLNet Parameters Parameter Description n a Example show service system default SQLNet ...

Page 925: ...e aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchronizing c...

Page 926: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default SSH port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster tru...

Page 927: ...eries R80 20 05 CLI Reference Guide 927 show service system default SSH Description Shows the settings of the built in SSH service object Syntax show service system default SSH Parameters Parameter Description n a Example show service system default SSH ...

Page 928: ...Description Configures additional inspection settings of the built in SSH service object Syntax set service system default SSH ips settings block version block version Parameters Parameter Description block version True to enforce blocking of version 1 x Type Boolean true false Example set service system default SSH ips settings block version true ...

Page 929: ...I Reference Guide 929 show service system default SSH ips settings Description Shows the inspection settings of the built in SSH service object Syntax show service system default SSH ips settings Parameters Parameter Description n a Example show service system default SSH ips settings ...

Page 930: ... enable aggressive aging timeout aggressive aging timeout Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out delay sync interval Time in seconds after connection initiation to start synchroni...

Page 931: ...ynchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service system default TELNET port 8080 8090 disable inspection true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster ...

Page 932: ...s R80 20 05 CLI Reference Guide 932 show service system default TELNET Description Shows the settings of the built in TELNET service object Syntax show service system default TELNET Parameters Parameter Description n a Example show service system default TELNET ...

Page 933: ...eplies Specifies if service replies are to be accepted disable inspection Disable deep inspection of traffic matching this service Type Boolean true false keep connections open after policy installation True to keep connections open after policy has been installed even if they are not allowed under the new policy port Destination ports a comma separated list of ports ranges Type Port range session...

Page 934: ...5 CLI Reference Guide 934 Example set service system default TFTP port 8080 8090 disable inspection true accept replies true session timeout 15 use source port false source port 8080 keep connections open after policy installation true sync connections on cluster true ...

Page 935: ...ries R80 20 05 CLI Reference Guide 935 show service system default TFTP Description Shows the settings of the built in TFTP service object Syntax show service system default TFTP Parameters Parameter Description n a Example show service system default TFTP ...

Page 936: ...service tcp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 936 service tcp ...

Page 937: ...name name port port comments comments Parameters Parameter Description comments Comments and explanation about the service Type A string that contains less than 257 characters of this set 0 9 a z or name Service name Type String port Destination ports a comma separated list of ports ranges Type Port range Example add service tcp name TEXT port 8080 8090 comments This is a comment ...

Page 938: ...source port source port Parameters Parameter Description aggressive aging enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out comments Comments and explanation about the service Type A string that contains less than 257 characters of this set...

Page 939: ...only those with synchronize connections on cluster will be synchronized as they pass through the cluster sync delay enable True to delay connections synchronization use source port Use source port Example set service tcp TEXT name TEXT port 8080 8090 comments This is a comment session timeout 15 sync connections on cluster true sync delay enable true delay sync interval 15 aggressive aging enable ...

Page 940: ...ce Series R80 20 05 CLI Reference Guide 940 delete service tcp Description Deletes a TCP service object by name Syntax delete service tcp name Parameters Parameter Description name Service name Type String Example delete service tcp TEXT ...

Page 941: ...s R80 20 05 CLI Reference Guide 941 show service tcp Description Shows the configuration of a specific TCP service object Syntax show service tcp name Parameters Parameter Description name Service name Type String Example show service tcp TEXT ...

Page 942: ...1500 Appliance Series R80 20 05 CLI Reference Guide 942 show services tcp Description Shows the configuration of all TCP service objects Syntax show services tcp Parameters Parameter Description n a Example show services tcp ...

Page 943: ...service udp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 943 service udp ...

Page 944: ...name name port port comments comments Parameters Parameter Description comments Comments and explanation about the service Type A string that contains less than 257 characters of this set 0 9 a z or name Service name Type String port Destination ports a comma separated list of ports ranges Type Port range Example add service udp name TEXT port 8080 8090 comments This is a comment ...

Page 945: ...ce Series R80 20 05 CLI Reference Guide 945 delete service udp Description Deletes a UDP service object by name Syntax delete service udp name Parameters Parameter Description name Service name Type String Example delete service udp TEXT ...

Page 946: ...age the connections table capacity and memory consumption of the firewall to increase durability and stability aggressive aging timeout Time in seconds before the aggressive aging times out comments Comments and explanation about the service Type A string that contains less than 257 characters of this set 0 9 a z or name Service name Type String port Destination ports a comma separated list of por...

Page 947: ...R80 20 05 CLI Reference Guide 947 Example set service udp TEXT name TEXT port 8080 8090 comments This is a comment session timeout 15 accept replies true sync connections on cluster true aggressive aging enable true aggressive aging timeout 15 ...

Page 948: ...s R80 20 05 CLI Reference Guide 948 show service udp Description Shows the configuration of a specific UDP service object Syntax show service udp name Parameters Parameter Description name Service name Type String Example show service udp TEXT ...

Page 949: ...1500 Appliance Series R80 20 05 CLI Reference Guide 949 show services udp Description Shows the configuration of all UDP service objects Syntax show services udp Parameters Parameter Description n a Example show services udp ...

Page 950: ... Appliance Series R80 20 05 CLI Reference Guide 950 show services icmp Description Shows the configuration of all ICMP type service objects Syntax show services icmp Parameters Parameter Description n a Example show services icmp ...

Page 951: ...ference Guide 951 shell expert The shelland expertcommands switch between the shell and expert modes Description Changes to expert mode Syntax shell expert Parameters Parameter Description n a Example shell Comments Use the cpshell command to start cpshell ...

Page 952: ...nce Guide 952 set sic_init Description Sets the SIC password Syntax set sic_init password pass Parameters Parameter Description pass One time password as specified by the Security Management Server administrator Example set sic_init password verySecurePassword ...

Page 953: ...name print the table content s for summary ranges print the range content tab d templates print only templates in drop state dbg options set the sim debug flags affinity get set affinity options nonaccel s c name s set or clear interface s as not accelerated feature feature on off enable disable features tmplquota options configure template quota feature hlqos options configure Heavy Load CPU QOS ...

Page 954: ...snmp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 954 snmp ...

Page 955: ...add snmp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 955 add snmp Adds SNMP trap receiver and SNMP users to the SNMP configuration ...

Page 956: ... Parameters Parameter Description community Community name of the receivers trap public is default for version2 users Type A string of alphanumeric characters without space between them traps receiver Receivers IP address that the trap associated with Type IP address user SNMP version3 Defined user version SNMP Version options are v2 or v3 Type Press TAB to see available options Example add snmp t...

Page 957: ...ic and special characters auth pass type Authentication protocol type for the version3 user options are MD5 or SHA1 Options MD5 SHA1 privacy pass phrase Privacy password chosen by the version3 user in case privacy is set Type A string that contains alphanumeric and special characters privacy pass type Privacy protocol type for the version3 user options are AES or DES Options AES DES security level...

Page 958: ...delete snmp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 958 delete snmp Deletes SNMP trap receivers and SNMP users ...

Page 959: ...snmp Description Deletes an existing SNMP trap receiver by IP address Syntax delete snmp traps receiver traps receiver Parameters Parameter Description traps receiver Receivers IP address that the trap associated with Type IP address Example delete snmp traps receiver 192 168 1 1 ...

Page 960: ...p SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 960 delete snmp Description Deletes a configured SNMP contact Syntax delete snmp contact Parameters Parameter Description n a Example delete snmp contact ...

Page 961: ... SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 961 delete snmp Description Deletes a configured SNMP location Syntax delete snmp location Parameters Parameter Description n a Example delete snmp location ...

Page 962: ...set snmp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 962 set snmp Configures SNMP settings ...

Page 963: ...false agent version Is the defined SNMP version is version3 only Type Boolean true false community Community name of the SNMP public is the default Type A string of alphanumeric characters without space between them contact System contact name maximum length is 128 Type A string that contains less than 257 characters of this set 0 9 a z or location System location name Type A string that contains ...

Page 964: ... false agent version Is the defined SNMP version is version3 only Type Boolean true false community Community name of the SNMP public is the default Type A string of alphanumeric characters without space between them contact System contact name maximum length is 128 Type A string that contains less than 257 characters of this set 0 9 a z or location System location name Type A string that contains...

Page 965: ...ue false agent version Is the defined SNMP version is version3 only Type Boolean true false community Community name of the SNMP public is the default Type A string of alphanumeric characters without space between them contact System contact name maximum length is 128 Type A string that contains less than 257 characters of this set 0 9 a z or location System location name Type A string that contai...

Page 966: ...e false agent version Is the defined SNMP version is version3 only Type Boolean true false community Community name of the SNMP public is the default Type A string of alphanumeric characters without space between them contact System contact name maximum length is 128 Type A string that contains less than 257 characters of this set 0 9 a z or location System location name Type A string that contain...

Page 967: ...e false agent version Is the defined SNMP version is version3 only Type Boolean true false community Community name of the SNMP public is the default Type A string of alphanumeric characters without space between them contact System contact name maximum length is 128 Type A string that contains less than 257 characters of this set 0 9 a z or location System location name Type A string that contain...

Page 968: ...show snmp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 968 show snmp Shows SNMP configuration ...

Page 969: ...ow snmp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 969 show snmp Description Shows SNMP agent configuration Syntax show snmp agent Parameters Parameter Description n a Example show snmp agent ...

Page 970: ...1500 Appliance Series R80 20 05 CLI Reference Guide 970 show snmp Description Shows SNMP agent version configuration Syntax show snmp agent version Parameters Parameter Description n a Example show snmp agent version ...

Page 971: ...p SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 971 show snmp Description Shows SNMP community configuration Syntax show snmp community Parameters Parameter Description n a Example show snmp community ...

Page 972: ...snmp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 972 show snmp Description Shows SNMP contact configuration Syntax show snmp contact Parameters Parameter Description n a Example show snmp contact ...

Page 973: ...mp SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 973 show snmp Description Shows SNMP location configuration Syntax show snmp location Parameters Parameter Description n a Example show snmp location ...

Page 974: ... all SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 974 show snmp general all Description Shows SNMP configuration Syntax show snmp general all Parameters Parameter Description n a Example show snmp general all ...

Page 975: ...snmp traps SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 975 snmp traps ...

Page 976: ...set snmp traps SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 976 set snmp traps Configures enables or disables traps from the list the enabled traps are sent to the trap receivers ...

Page 977: ... 05 CLI Reference Guide 977 set snmp traps Description Enable Disable SNMP traps functionality Syntax set snmp traps enable disable Parameters Parameter Description snmpTrapsEnable snmpTrapsEnable Type Boolean true false Example set snmp traps true ...

Page 978: ...itions on trap sending times between 0 10 optional field Type A number with no fractional part integer repetitions delay Wait time in seconds between sending each trap optional field Type A number with no fractional part integer severity Trap hazardous level optional field severity of the trap between 1 4 Type A number with no fractional part integer threshold The mathematical value associated wit...

Page 979: ...ers Parameter Description community Community name of the receivers trap public is default for version2 users Type A string of alphanumeric characters without space between them receiver Receivers IP address that the trap associated with Type IP address user SNMP version3 Defined user version SNMP Version options are v2 or v3 Type Press TAB to see available options Example set snmp traps receiver ...

Page 980: ...aps SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 980 show snmp traps Description Shows SNMP traps status Syntax show snmp traps status Parameters Parameter Description n a Example show snmp traps status ...

Page 981: ...ance Series R80 20 05 CLI Reference Guide 981 delete snmp traps receivers Description Deletes all configured SNMP trap receivers Syntax delete snmp traps receivers all Parameters Parameter Description n a Example delete snmp traps receivers all ...

Page 982: ...B 1500 Appliance Series R80 20 05 CLI Reference Guide 982 show snmp traps receivers Description Shows all SNMP trap receivers Syntax show snmp traps receivers Parameters Parameter Description n a Example show snmp traps receivers ...

Page 983: ...MB 1500 Appliance Series R80 20 05 CLI Reference Guide 983 show snmp traps enabled traps Description Shows all SNMP traps Syntax show snmp traps enabled traps Parameters Parameter Description n a Example show snmp traps enabled traps ...

Page 984: ...snmp user SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 984 snmp user ...

Page 985: ...de 985 delete snmp user Description Deletes a configured SNMP user by name Syntax delete snmp user user name Parameters Parameter Description user name version3 user name Type A string that contains 0 9 a z up to 64 characters without spaces Example delete snmp user admin ...

Page 986: ...c and special characters auth pass type Authentication protocol type for the version3 user options are MD5 or SHA1 Options MD5 SHA1 privacy pass phrase Privacy password chosen by the version3 user in case privacy is set Type A string that contains alphanumeric and special characters privacy pass type Privacy protocol type for the version3 user options are AES or DES Options AES DES security level ...

Page 987: ...Guide 987 show snmp user Description Shows the configuration of SNMP user Syntax show snmp user user name Parameters Parameter Description user name version3 user name Type A string that contains 0 9 a z up to 64 characters without spaces Example show snmp user admin ...

Page 988: ...s SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 988 show snmp users Description Shows the configuration of all SNMP users Syntax show snmp users Parameters Parameter Description n a Example show snmp users ...

Page 989: ...SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 989 delete snmp users Description Deletes all configured SNMP users Syntax delete snmp users all Parameters Parameter Description n a Example delete snmp users all ...

Page 990: ...90 show software version Description Shows the version of the current software Syntax show software version ver Parameters Parameter Description n a Example show software version Output Success shows the software version of the appliance Failure shows an appropriate error message ...

Page 991: ...ssl inspection advanced settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 991 ssl inspection advanced settings ...

Page 992: ...cates Parameters Parameter Description additional https ports Additional HTTPS ports for ssl inspection a comma separated list ofports ranges Type Port range bypass well known update services Bypass HTTPS Inspection of traffic to well known software update services Type Boolean true false log empty ssl connections Log connections that were terminated by the client before data was sent might indica...

Page 993: ... certificate with an unreachable CRL Type Boolean true false validate untrusted certificates Indicates if the SSL inspection mechanism will drop connections that present an untrusted server certificate Type Boolean true false Example set ssl inspection advanced settings bypass well known update services true validate crl true validate cert expiration true validate unreachable crl true track valida...

Page 994: ...eries R80 20 05 CLI Reference Guide 994 show ssl inspection advanced settings Description Show advanced settings for SSL Inspection Syntax show ssl inspection advanced settings Parameters Parameter Description n a Example show ssl inspection advanced settings ...

Page 995: ...ssl inspection exception SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 995 ssl inspection exception ...

Page 996: ...tegory negate If true the category is all traffic except what is defined in the category field Type Boolean true false comment Description of the rule Type A string that contains less than 257 characters of this set 0 9 a z or destination Network object that is the target of the connection destination negate If true the destination is all traffic except what is defined in the destination field Typ...

Page 997: ...track The action taken when there is a match on the rule Options none log alert Example add ssl inspection exception source TEXT source negate true destination TEXT destination negate true service TEXT service negate true category name TEXT category negate true comment This is a comment track none disabled true ...

Page 998: ...delete ssl inspection exception SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 998 delete ssl inspection exception Delete an existing SSL Inspection policy exception ...

Page 999: ...99 delete ssl inspection exception Description Delete an existing SSL Inspection policy exception Syntax delete ssl inspection exception position position Parameters Parameter Description position The index of exception Type Decimal number Example delete ssl inspection exception position 2 ...

Page 1000: ...es R80 20 05 CLI Reference Guide 1000 delete ssl inspection exception Description Delete an existing SSL Inspection policy exception Syntax delete ssl inspection exception all Parameters Parameter Description n a Example delete ssl inspection exception all ...

Page 1001: ...eter Description category id Application or custom application name category name Application or custom application name category negate If true the category is all traffic except what is defined in the category field Type Boolean true false comment Description of the rule Type A string that contains less than 257 characters of this set 0 9 a z or destination Network object that is the target of t...

Page 1002: ...hat initiates the connection source negate If true the source is all traffic except what is defined in the source field Type Boolean true false track The action taken when there is a match on the rule Options none log alert Example set ssl inspection exception position 2 source TEXT source negate true destination TEXT destination negate true service TEXT service negate true category name TEXT cate...

Page 1003: ...n exception Description Show the configuration of a specific SSL Inspection policy exception Syntax show ssl inspection exception position position position position Parameters Parameter Description position The index of exception Type Decimal number Example show ssl inspection exception position 2 position 2 ...

Page 1004: ...004 show ssl inspection exceptions Description Show all configured SSL Inspection policy exceptions Syntax show ssl inspection exceptions position position Parameters Parameter Description position The index of exception Type Decimal number Example show ssl inspection exceptions position 2 ...

Page 1005: ...ssl inspection policy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1005 ssl inspection policy ...

Page 1006: ...ireless ssl inspection bypass untrusted wireless ssl inspection bypass untrusted wireless ssl inspection bypass well known update services bypass well known update services Parameters Parameter Description bypass banking category traffic Bypass banking category traffic Type Boolean true false bypass government and military category traffic Bypass government category traffic Type Boolean true false...

Page 1007: ...icy bypass traffic Generate an SSL bypass log for SSL traffic that was not inspected by SSL inspection Type Boolean true false mode Indicates if SSL inspection feature is active Type Boolean true false Example set ssl inspection policy mode true log policy bypass traffic true log inspected traffic true bypass health category traffic true bypass government and military category traffic true bypass ...

Page 1008: ...filtering for HTTPS sites and applications based on server s certificate without activating SSL traffic inspection Syntax set ssl inspection policy https categorization only mode on Parameters Parameter Description https categorization only mode HTTPS categorization only cane be enabled via HTTPS service Type Boolean true false Example set ssl inspection policy https categorization only mode true ...

Page 1009: ...cy inspect https protocol Description Enable SSL Inspection policy to inspect HTTPS protocol Note SSL Inspection must be enabled first Syntax set ssl inspection policy inspect https protocol true false Parameters Parameter Description true false true Enabled false Disabled Example set ssl inspection policy inspect https protocol true ...

Page 1010: ...cy inspect imaps protocol Description Enable SSL Inspection policy to inspect IMAPS protocol Note SSL Inspection must be enabled first Syntax set ssl inspection policy inspect imaps protocol true false Parameters Parameter Description true false true Enabled false Disabled Example set ssl inspection policy inspect imaps protocol true ...

Page 1011: ...B 1500 Appliance Series R80 20 05 CLI Reference Guide 1011 show ssl inspection policy Description Show SSL Inspection policy Syntax show ssl inspection policy Parameters Parameter Description n a Example show ssl inspection policy ...

Page 1012: ...delete ssl network extender Description Forces a manual deletion of the SSL network extender thus forcing the gateway to re download the latest version of the extender from the cloud Syntax delete ssl network extender Parameters Parameter Description n a Example delete ssl network extender ...

Page 1013: ...static route SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1013 static route ...

Page 1014: ...on destination IP address and subnet length of the destination of the packet in the format IP subnet e g 192 168 0 0 16 Type An IP address with a mask length metric Metric Type A number with no fractional part integer service Route service name Type String source IP address and subnet length of the source of the packet in the format IP subnet e g 192 168 1 0 24 Type An IP address with a mask lengt...

Page 1015: ...of the destination of the packet in the format IP subnet e g 192 168 0 0 16 Type An IP address with a mask length disabled Is rule disabled Type Boolean true false id id Type A number with no fractional part integer metric Metric Type A number with no fractional part integer service Route service name Type String source IP address and subnet length of the source of the packet in the format IP subn...

Page 1016: ... Guide 1016 delete static route Description Deletes a manually defined routing rule Syntax delete static route id Parameters Parameter Description id The rule order as shown in show static routes Type A number with no fractional part integer Example delete static route 3 ...

Page 1017: ...0 Appliance Series R80 20 05 CLI Reference Guide 1017 delete static routes Description Deletes all manually defined static routing rules Syntax delete static routes Parameters Parameter Description n a Example delete static routes ...

Page 1018: ... routes SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1018 show static routes Description Shows all static routes Syntax show static routes Parameters Parameter Description n a Example show static routes ...

Page 1019: ...streaming engine settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1019 streaming engine settings ...

Page 1020: ...set streaming engine settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1020 set streaming engine settings Configures the streaming engine settings ...

Page 1021: ...timeout track tcp hold timeout track tcp invalid checksum mon only tcp invalid checksum mon only tcp invalid checksum track tcp invalid checksum track tcp segment limit mon only tcp segment limit mon only tcp segment limit track tcp segment limit track Parameters Parameter Description tcp block out of win mon only TCP Out of Sequence activation mode Options prevent detect tcp block out of win trac...

Page 1022: ... Options none log alert tcp segment limit mon only TCP Segment Limit Enforcement activation mode Options prevent detect tcp segment limit track TCP Segment Limit Enforcement tracking Options none log alert Example set streaming engine settings tcp block out of win mon only prevent tcp block out of win track none tcp block retrans err mon only prevent tcp block retrans err track none tcp block syn ...

Page 1023: ... tcp invalid checksum mon only tcp invalid checksum mon only tcp segment limit track tcp segment limit track tcp block urg bit mon only tcp block urg bit mon only tcp segment limit mon only tcp segment limit mon only tcp hold timeout mon only tcp hold timeout mon only tcp hold timeout track tcp hold timeout track Parameters Parameter Description n a Example set streaming engine settings advanced s...

Page 1024: ...show streaming engine settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1024 show streaming engine settings Shows streaming engine settings ...

Page 1025: ... Appliance Series R80 20 05 CLI Reference Guide 1025 show streaming engine settings Description Shows streaming engine settings Syntax show streaming engine settings Parameters Parameter Description n a Example show streaming engine settings ...

Page 1026: ...0 05 CLI Reference Guide 1026 show streaming engine settings Description Shows streaming engine advanced settings Syntax show streaming engine settings advanced settings Parameters Parameter Description n a Example show streaming engine settings advanced settings ...

Page 1027: ...switch SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1027 switch ...

Page 1028: ...a switch object which passes traffic between those ports in the hardware level traffic doesn t undergo inspection as it is not routed between those ports In essence the switch combines physical LAN ports into a single network Syntax add switch name name Parameters Parameter Description name Name Type A switch name should be LAN 1 8 _Switch Example add switch name LAN2_Switch ...

Page 1029: ...LI Reference Guide 1029 delete switch Description Deletes a defined port based VLAN switch object by name Syntax delete switch name Parameters Parameter Description name Name Type A switch name should be LAN 1 8 _Switch Example delete switch LAN2_Switch ...

Page 1030: ...set switch SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1030 set switch Configures an existing port based VLAN switch ...

Page 1031: ...e 1031 set switch Description Add a physical port to an existing port based VLAN switch Syntax set switch name add port port Parameters Parameter Description name Name Type A switch name should be LAN 1 8 _Switch port Name Example set switch LAN2_Switch add port LAN4 ...

Page 1032: ... set switch Description Removes a physical port from an existing port based VLAN switch Syntax set switch name remove port port Parameters Parameter Description name Name Type A switch name should be LAN 1 8 _Switch port Name Example set switch LAN2_Switch remove port LAN4 ...

Page 1033: ...show switch SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1033 show switch Shows port based VLAN switch configuration ...

Page 1034: ... 20 05 CLI Reference Guide 1034 show switch Description Shows port based VLAN switch configuration Syntax show switch name Parameters Parameter Description name Name Type A switch name should be LAN 1 8 _Switch Example show switch LAN2_Switch ...

Page 1035: ...e Guide 1035 show switch Description Shows ports within a configured port based VLAN switch configuration Syntax show switch name ports Parameters Parameter Description name Name Type A switch name should be LAN 1 8 _Switch Example show switch LAN2_Switch ports ...

Page 1036: ...itches SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1036 show switches Description Shows all port based VLANs switches Syntax show switches Parameters Parameter Description n a Example show switches ...

Page 1037: ...syslog server SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1037 syslog server ...

Page 1038: ...eter Description enabled Determine if an external System Log Server is active Type Boolean true false ipv4 address The desired external System Log Server IP address Type IP address name System Log Server name Type A string of alphanumeric characters with space between them port Port in the external System Log Server that receives the logs default is 514 Type Port number sent logs Determine which l...

Page 1039: ...eries R80 20 05 CLI Reference Guide 1039 add syslog server protocol tls Description Adds a new external syslog server for the TLS protocol Syntax add syslog server protocol tls Parameters Parameter Description n a Example add syslog server protocol tls ...

Page 1040: ...delete syslog server SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1040 delete syslog server Deletes a configured external syslog server ...

Page 1041: ... server Description Deletes a configured external syslog server by IP address Syntax delete syslog server ipv4 address ipv4 address Parameters Parameter Description ipv4 address The desired external System Log Server IP address Type IP address Example delete syslog server ipv4 address 192 168 1 1 ...

Page 1042: ...slog server Description Deletes a configured external syslog server by name Syntax delete syslog server name name Parameters Parameter Description name System Log Server name Type A string of alphanumeric characters with space between them Example delete syslog server name syslog_server_name ...

Page 1043: ...set syslog server SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1043 set syslog server Configure an existing syslog server s settings ...

Page 1044: ...rver is active Type Boolean true false ipv4 address The desired external System Log Server IP address Type IP address name System Log Server name Type A string of alphanumeric characters with space between them port Port in the external System Log Server that receives the logs default is 514 Type Port number sent logs Determine which logs types will be sent to the System Log Server Options system ...

Page 1045: ...active Type Boolean true false ipv4 address The desired external System Log Server IP address Type IP address name System Log Server name Type A string of alphanumeric characters with space between them port Port in the external System Log Server that receives the logs default is 514 Type Port number sent logs Determine which logs types will be sent to the System Log Server Options system logs sec...

Page 1046: ...show syslog server SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1046 show syslog server Shows configuration of external syslog servers ...

Page 1047: ...rver Description Shows configuration of an external syslog server by IP address Syntax show syslog server ipv4 address ipv4 address Parameters Parameter Description ipv4 address The desired external System Log Server IP address Type IP address Example show syslog server ipv4 address 192 168 1 1 ...

Page 1048: ...slog server Description Shows configuration of an external syslog server by name Syntax show syslog server name name Parameters Parameter Description name System Log Server name Type A string of alphanumeric characters with space between them Example show syslog server name several words ...

Page 1049: ...ppliance Series R80 20 05 CLI Reference Guide 1049 show syslog server all Description Shows configuration of all external syslog servers Syntax show syslog server all Parameters Parameter Description n a Example show syslog server all ...

Page 1050: ...show syslog server all SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1050 system settings Relevant commands for system settings ...

Page 1051: ... 1051 show system settings is custom branding Description Shows whether white labeling has been enabled and the appliance has been customized with a particular brand Syntax show system settings is custom branding Parameters Parameter Description n a Example show system settings is custom branding ...

Page 1052: ...ription The maximal value for TTL field for a packet to be considered as a traceroute Syntax set stateful_inspection advanced settings traceroute max ttl value Parameters Parameter Description value Integer between 0 and 64 Default 29 Example set stateful_inspection advanced settings traceroute max ttl 0 ...

Page 1053: ...threat prevention advanced SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1053 threat prevention advanced ...

Page 1054: ...tion advanced Description Configures advanced settings for Threat Prevention blades Syntax set threat prevention advanced advanced settings file inspection size kb file inspection size kb Parameters Parameter Description n a Example set threat prevention advanced advanced settings file inspection size kb 15000 ...

Page 1055: ...Reference Guide 1055 show threat prevention advanced Description Shows advanced settings for the Threat Prevention blades Syntax show threat prevention advanced advanced settings Parameters Parameter Description n a Example show threat prevention advanced advanced settings ...

Page 1056: ...threat prevention anti bot SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1056 threat prevention anti bot ...

Page 1057: ...ith a bad reputation will be according to the policy or a manually configured specific action Options ask prevent detect inactive policy action reputation ips Indicates if the action upon detecting attempted access to IP addresses with a bad reputation will be according to the policy or a manually configured specific action Options ask prevent detect inactive policy action reputation urls Indicate...

Page 1058: ...s R80 20 05 CLI Reference Guide 1058 show threat prevention anti bot engine Description Shows the engine settings of the Anti Bot blade Syntax show threat prevention anti bot engine Parameters Parameter Description n a Example show threat prevention anti bot engine ...

Page 1059: ...set threat prevention anti bot policy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1059 set threat prevention anti bot policy Configures the policy of the Anti Bot blade ...

Page 1060: ...of the Anti Bot blade Syntax set threat prevention anti bot policy mode mode detect mode detect mode Parameters Parameter Description detect mode Indicates if the Anti Bot blade is set to Detect Only mode Type Boolean true false mode Indicates if the Anti Bot blade is active Type Boolean true false Example set threat prevention anti bot policy mode true detect mode true ...

Page 1061: ...at prevention anti bot policy Description Configures advanced settings of the Anti Bot blade Syntax set threat prevention anti bot policy advanced settings res class mode res class mode Parameters Parameter Description n a Example set threat prevention anti bot policy advanced settings res class mode rs hold ...

Page 1062: ...show threat prevention anti bot policy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1062 show threat prevention anti bot policy Shows the policy of the Anti Bot blade ...

Page 1063: ...eries R80 20 05 CLI Reference Guide 1063 show threat prevention anti bot policy Description Shows the policy of the Anti Bot blade Syntax show threat prevention anti bot policy Parameters Parameter Description n a Example show threat prevention anti bot policy ...

Page 1064: ...erence Guide 1064 show threat prevention anti bot policy Description Shows the advanced settings of the Anti Bot blade Syntax show threat prevention anti bot policy advanced settings Parameters Parameter Description n a Example show threat prevention anti bot policy advanced settings ...

Page 1065: ...ext that appears in the Anti Bot Ask user message Type A string that contains only printable characters fallback action Indicates the action to take when an Ask user message cannot be displayed Options block accept frequency Indicates how often is the Anti Bot Ask user message is being presented to the same user Options day week month reason displayed Indicates if the user must enter a reason for ...

Page 1066: ...6 show threat prevention anti bot user check ask Description Shows the settings of the customizable ask message shown to users upon match on browser based traffic Syntax show threat prevention anti bot user check ask Parameters Parameter Description n a Example show threat prevention anti bot user check ask ...

Page 1067: ...only printable characters redirect to url Indicates if the user will be redirected to a custom URL in case of a Block action Type Boolean true false redirect url Indicates the URL to redirect the user in case of a Block action if configured to do so The URL to redirect the user in case of a Block action Redirection happens only if this functionality is turned on Type urlWithHttp subject The subjec...

Page 1068: ...hreat prevention anti bot user check block Description Shows the settings of the customizable block message shown to users upon Anti Bot match on browser based traffic Syntax show threat prevention anti bot user check block Parameters Parameter Description n a Example show threat prevention anti bot user check block ...

Page 1069: ...threat prevention anti virus SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1069 threat prevention anti virus ...

Page 1070: ...eters Parameter Description urls with malware Indicates if the action upon detecting access to and from URLs with a bad reputation will be according to the policy or a manually configured specific action Options ask prevent detect inactive policy action viruses Indicates if the action upon detecting viruses will be according to the policy or a manually configured specific action Options ask preven...

Page 1071: ...80 20 05 CLI Reference Guide 1071 show threat prevention anti virus engine Description Shows the engine settings of the Anti Virus blade Syntax show threat prevention anti virus engine Parameters Parameter Description n a Example show threat prevention anti virus engine ...

Page 1072: ...at prevention anti virus file type extension extension action action description description Parameters Parameter Description action Indicates the action when the file type is detected Options block pass scan description The file description Type A string that contains less than 257 characters of this set 0 9 a z or extension File extension that represents this file type Type A string that contain...

Page 1073: ...tes a manually configured custom file type according to extension Syntax delete threat prevention anti virus file type extension extension Parameters Parameter Description extension File extension that represents this file type Type A string that contains less than 257 characters of this set 0 9 a z or Example delete threat prevention anti virus file type extension pdf ...

Page 1074: ...sion action action description description Parameters Parameter Description action Indicates the action when the file type is detected Options block pass scan description The file description Type A string that contains less than 257 characters of this set 0 9 a z or extension File extension that represents this file type Type A string that contains less than 257 characters of this set 0 9 a z or ...

Page 1075: ...ows the Anti Virus blade configuration for a specific file type Syntax show threat prevention anti virus file type extension extension Parameters Parameter Description extension File extension that represents this file type Type A string that contains less than 257 characters of this set 0 9 a z or Example show threat prevention anti virus file type extension pdf ...

Page 1076: ...Reference Guide 1076 show threat prevention anti virus file types Description Shows the Anti Virus blade configuration for all defined file types Syntax show threat prevention anti virus file types Parameters Parameter Description n a Example show threat prevention anti virus file types ...

Page 1077: ...erence Guide 1077 delete threat prevention anti virus file type custom Description Deletes all manually configured custom file types Syntax delete threat prevention anti virus file type custom all Parameters Parameter Description n a Example delete threat prevention anti virus file type custom all ...

Page 1078: ...set threat prevention anti virus policy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1078 set threat prevention anti virus policy Configures the policy of the Anti Virus blade ...

Page 1079: ...malware known to contain malware all all file types specific configured file families Options malware all types specific families interfaces Indicates the source zones for inspected incoming files External External and DMZ or all interfaces Options all external external dmz mode Indicates if the Anti Virus blade is active Type Boolean true false protocol ftp Indicates if Anti Virus inspection will...

Page 1080: ... 1500 Appliance Series R80 20 05 CLI Reference Guide 1080 Example set threat prevention anti virus policy mode true detect mode true scope incoming interfaces all protocol http true protocol mail true protocol ftp true file types policy malware ...

Page 1081: ...vention anti virus policy Description Configures advanced settings of the Anti Virus blade Syntax set threat prevention anti virus policy advanced settings priority scanning priority scanning Parameters Parameter Description n a Example set threat prevention anti virus policy advanced settings priority scanning true ...

Page 1082: ...ention anti virus policy Description Configures advanced settings of the Anti Virus blade Syntax set threat prevention anti virus policy advanced settings file scan size kb file scan size kb Parameters Parameter Description n a Example set threat prevention anti virus policy advanced settings file scan size kb 15000 ...

Page 1083: ...evention anti virus policy Description Configures advanced settings of the Anti Virus blade Syntax set threat prevention anti virus policy advanced settings max nesting level max nesting level Parameters Parameter Description n a Example set threat prevention anti virus policy advanced settings max nesting level 2 ...

Page 1084: ...Description Configures advanced settings of the Anti Virus blade Syntax set threat prevention anti virus policy advanced settings action when nesting level exceeded action when nesting level exceeded Parameters Parameter Description n a Example set threat prevention anti virus policy advanced settings action when nesting level exceeded allow ...

Page 1085: ...prevention anti virus policy Description Configures advanced settings of the Anti Virus blade Syntax set threat prevention anti virus policy advanced settings res class mode res class mode Parameters Parameter Description n a Example set threat prevention anti virus policy advanced settings res class mode rs hold ...

Page 1086: ...show threat prevention anti virus policy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1086 show threat prevention anti virus policy Shows the policy for the Anti Virus blade ...

Page 1087: ...es R80 20 05 CLI Reference Guide 1087 show threat prevention anti virus policy Description Shows the policy for the Anti Virus blade Syntax show threat prevention anti virus policy Parameters Parameter Description n a Example show threat prevention anti virus policy ...

Page 1088: ...ence Guide 1088 show threat prevention anti virus policy Description Shows advanced settings for the Anti Virus blade Syntax show threat prevention anti virus policy advanced settings Parameters Parameter Description n a Example show threat prevention anti virus policy advanced settings ...

Page 1089: ...xt that appears in the Anti Virus Ask user message Type A string that contains only printable characters fallback action Indicates the action to take when an Ask user message cannot be displayed Options block accept frequency Indicates how often is the Anti Virus Ask user message is being presented to the same user Options day week month reason displayed Indicates if the user must enter a reason f...

Page 1090: ...hreat prevention anti virus user check ask Description Shows the settings of the customizable ask message shown to users upon Anti Virus match on browser based traffic Syntax show threat prevention anti virus user check ask Parameters Parameter Description n a Example show threat prevention anti virus user check ask ...

Page 1091: ... only printable characters redirect to url Indicates if the user will be redirected to a custom URL in case of a Block action Type Boolean true false redirect url Indicates the URL to redirect the user in case of a Block action if configured to do so The URL to redirect the user in case of a Block action Redirection happens only if this functionality is turned on Type urlWithHttp subject The subje...

Page 1092: ...at prevention anti virus user check block Description Shows the settings of the customizable block message shown to users upon Anti Virus match on browser based traffic Syntax show threat prevention anti virus user check block Parameters Parameter Description n a Example show threat prevention anti virus user check block ...

Page 1093: ...threat prevention exception SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1093 threat prevention exception ...

Page 1094: ...plies Anti Virus Anti Bot or both Options any any av any ab any ips comment Additional description for the exception Type A string that contains less than 257 characters of this set 0 9 a z or destination Network object that is the target of the connection destination negate If true the destination is all traffic except what is defined in the destination field Type Boolean true false log The loggi...

Page 1095: ...oup that the exception applies to source negate If true the source is all traffic except what is defined in the source field Type Boolean true false Example add threat prevention exception destination TEXT destination negate true service TEXT service negate true source TEXT source negate true protection name word action ask log none comment This is a comment ...

Page 1096: ...ention exception Description Deletes an existing malware exception rule by name Syntax delete threat prevention exception name name Parameters Parameter Description name The name of the exception Type A string of alphanumeric characters without space between them Example delete threat prevention exception name word ...

Page 1097: ...t detect inactive blade The blade to which the exception applies Anti Virus Anti Bot or both Options any any av any ab any ips comment Additional description for the exception Type A string that contains less than 257 characters of this set 0 9 a z or destination Network object that is the target of the connection destination negate If true the destination is all traffic except what is defined in ...

Page 1098: ...the service field Type Boolean true false source IP address network object or user group that the exception applies to source negate If true the source is all traffic except what is defined in the source field Type Boolean true false Example set threat prevention exception 2 destination TEXT destination negate true service TEXT service negate true source TEXT source negate true protection name wor...

Page 1099: ...exception rule by name Syntax show threat prevention exception name name show threat prevention exception position position Parameters Parameter Description name The name of the exception Type A string of alphanumeric characters without space between them position The order of the rule in comparison to other rules Type Decimal number Example show threat prevention exception name word ...

Page 1100: ... 1100 delete threat prevention exceptions Description Deletes all existing malware exception rules for Anti Virus Anti Bot and Threat Emulation where applicable Syntax delete threat prevention exceptions all Parameters Parameter Description n a Example delete threat prevention exceptions all ...

Page 1101: ...05 CLI Reference Guide 1101 show threat prevention infected hosts Description Shows a list of infected hosts detected by Threat Prevention blades Syntax show threat prevention infected hosts Parameters Parameter Description n a Example show threat prevention infected hosts ...

Page 1102: ...threat prevention ips SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1102 threat prevention ips ...

Page 1103: ...Description client protections Indicates if Client protections are active by default Type Boolean true false disable by confidence level Indicates if protections will be deactivated if their confidence level is below or equal configured level Type Boolean true false disable by performance impact Indicates if protections will be deactivated if their performance impact is above or equal configured l...

Page 1104: ... Critical server protections Indicates if Server protections are active by default Type Boolean true false Example set threat prevention ips custom default policy server protections true client protections true disable by confidence level true disable confidence level below or equal Low disable by severity true disable severity below or equal Low disable by performance impact true disable performa...

Page 1105: ...5 CLI Reference Guide 1105 show threat prevention ips custom default policy Description Shows the configuration of a custom IPS policy Syntax show threat prevention ips custom default policy Parameters Parameter Description n a Example show threat prevention ips custom default policy ...

Page 1106: ...add threat prevention ips network exception SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1106 add threat prevention ips network exception Adds a new exception rule for the IPS blade ...

Page 1107: ...9 a z or destination Network object that is the target of the connection destination negate If true the destination is all traffic except what is defined in the destination field Type Boolean true false protection name Indicates if the exception rule will be matched on all IPS protections or a specific one service Type of network service that is under exception service negate If true the service i...

Page 1108: ... a z or destination Network object that is the target of the connection destination negate If true the destination is all traffic except what is defined in the destination field Type Boolean true false protection code Indicates if the exception rule will be matched on all IPS protections or a specific one service Type of network service that is under exception service negate If true the service is...

Page 1109: ...t prevention ips network exception SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1109 delete threat prevention ips network exception Deletes exception rules to bypass IPS protections for specific traffic ...

Page 1110: ...ps network exception Description Deletes an existing exception rule for the IPS blade by position Syntax delete threat prevention ips network exception position position Parameters Parameter Description position The order of the rule in the Rule Base Type Decimal number Example delete threat prevention ips network exception position 2 ...

Page 1111: ...Reference Guide 1111 delete threat prevention ips network exception Description Deletes all existing exception rules for the IPS blade Syntax delete threat prevention ips network exception all Parameters Parameter Description n a Example delete threat prevention ips network exception all ...

Page 1112: ... prevention ips network exception SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1112 set threat prevention ips network exception Configure exception rules to bypass IPS protections for specific traffic ...

Page 1113: ...k exception Type A string that contains less than 257 characters of this set 0 9 a z or destination Network object that is the target of the connection destination negate If true the destination is all traffic except what is defined in the destination field Type Boolean true false position The order of the rule in the Rule Base Type Decimal number protection code Indicates if the exception rule wi...

Page 1114: ...e Series R80 20 05 CLI Reference Guide 1114 Example set threat prevention ips network exception position 2 protection code 12345678 destination TEXT destination negate true service TEXT service negate true source TEXT source negate true comment This is a comment ...

Page 1115: ... exception Type A string that contains less than 257 characters of this set 0 9 a z or destination Network object that is the target of the connection destination negate If true the destination is all traffic except what is defined in the destination field Type Boolean true false position The order of the rule in the Rule Base Type Decimal number protection name Indicates if the exception rule wil...

Page 1116: ...nce Series R80 20 05 CLI Reference Guide 1116 Example set threat prevention ips network exception position 2 protection name word destination TEXT destination negate true service TEXT service negate true source TEXT source negate true comment This is a comment ...

Page 1117: ... ips network exception Description Shows the configuration of an IPS exception rule by position Syntax show threat prevention ips network exception position position Parameters Parameter Description position The order of the rule in the Rule Base Type Decimal number Example show threat prevention ips network exception position 2 ...

Page 1118: ...detect mode detect mode Parameters Parameter Description default policy The type of policy used for IPS strict typical or custom detect mode Indicates if the default policy of IPS is to only logs events and not block them Type Boolean true false log Indicates the tracking level for IPS none block or alert Options none log alert mode Indicates if IPS blade is active Type Boolean true false Example ...

Page 1119: ...liance Series R80 20 05 CLI Reference Guide 1119 show threat prevention ips policy Description Shows the policy of the IPS blade Syntax show threat prevention ips policy Parameters Parameter Description n a Example show threat prevention ips policy ...

Page 1120: ...ion Description Find an IPS protection by name or partial string to view further details regarding it Syntax find threat prevention ips protection name Parameters Parameter Description name The name of the IPS topic Type A string of alphanumeric characters without space between them Example find threat prevention ips protection word ...

Page 1121: ...n ips protection action override SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1121 set threat prevention ips protection action override Configures actions to override the IPS policy for a specific IPS protection ...

Page 1122: ...n code protection code action action track track Parameters Parameter Description action Indicates the manually configured action for this protection protection code The IPS topic the override belongs to Every override belongs to a single topic Type A number with no fractional part Values are between 4 503 599 627 370 495 to 4 503 599 627 370 495 track Indicates the manually configured tracking op...

Page 1123: ... protection action override protection name protection name action action track track Parameters Parameter Description action Indicates the manually configured action for this protection protection name The name of the IPS topic Type A string of alphanumeric characters without space between them track Indicates the manually configured tracking option for this protection Example set threat preventi...

Page 1124: ...ide policy action override policy action Parameters Parameter Description override policy action Indicates if the action upon detection will be according to the general IPS policy or manually configured for this protection Type Boolean true false protection code The IPS topic the override belongs to Every override belongs to a single topic Type A number with no fractional part Values are between 4...

Page 1125: ...ride protection name protection name override policy action override policy action Parameters Parameter Description override policy action Indicates if the action upon detection will be according to the general IPS policy or manually configured for this protection Type Boolean true false protection name The name of the IPS topic Type A string of alphanumeric characters without space between them E...

Page 1126: ...at prevention ips protection action override SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1126 show threat prevention ips protection action override Shows action overrides for specific IPS protections ...

Page 1127: ... by protection ID code Syntax show threat prevention ips protection action override protection code protection code Parameters Parameter Description protection code The IPS topic the override belongs to Every override belongs to a single topic Type A number with no fractional part Values are between 4 503 599 627 370 495 to 4 503 599 627 370 495 Example show threat prevention ips protection action...

Page 1128: ...s action overrides for a specific IPS protection by protection name Syntax show threat prevention ips protection action override protection name protection name Parameters Parameter Description protection name The name of the IPS topic Type A string of alphanumeric characters without space between them Example show threat prevention ips protection action override protection name word ...

Page 1129: ...ettings fail mode fail mode set threat prevention policy advanced settings block requests when the web service is block requests when the web service is unavailable Parameters Parameter Description profile Unified policy profile track Tracking options for Threat Prevention protections None do not log Log Create log Alert log with alert Options none log alert Example set threat prevention policy hi...

Page 1130: ...threat prevention policy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1130 threat prevention policy Shows commands relevant to Threat Prevention policy ...

Page 1131: ...y advanced settings block requests when the web service is block requests when the web service is unavailable Parameters Parameter Description profile Unified policy profile track Tracking options for Threat Prevention protections None do not log Log Create log Alert log with alert Options none log alert Example set threat prevention policy high confidence ask medium confidence ask low confidence ...

Page 1132: ...s the configuration for the Threat Prevention policy shared by the Anti Bot Anti Virus and Threat Emulation where applicable blades Syntax show threat prevention policy show threat prevention policy advanced settings Parameters Parameter Description n a Example show threat prevention policy show threat prevention policy advanced settings ...

Page 1133: ...threat prevention threat emulation additional remote emulator SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1133 threat prevention threat emulation additional remote emulator ...

Page 1134: ...dditional private emulation gateways Syntax add threat prevention threat emulation additional remote emulator ip address ip address name name Parameters Parameter Description ip address Remote emulation gateway IP address Type IP address name Remote emulation gateway name Type A string of alphanumeric characters with space between them Example add threat prevention threat emulation additional remo...

Page 1135: ...dditional remote emulator SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1135 delete threat prevention threat emulation additional remote emulator Delete a gateway from the threat emulation list of additional private emulation gateways ...

Page 1136: ...or Description Delete a gateway from the threat emulation list of additional private emulation gateways Syntax delete threat prevention threat emulation additional remote emulator ip address ip address Parameters Parameter Description ip address Remote emulation gateway IP address Type IP address Example delete threat prevention threat emulation additional remote emulator ip address 192 168 1 1 ...

Page 1137: ...tion Delete a gateway from the threat emulation list of additional private emulation gateways Syntax delete threat prevention threat emulation additional remote emulator name name Parameters Parameter Description name Remote emulation gateway name Type A string of alphanumeric characters with space between them Example delete threat prevention threat emulation additional remote emulator name sever...

Page 1138: ...n gateway Syntax set threat prevention threat emulation additional remote emulator name name ip address ip address name name Parameters Parameter Description ip address Remote emulation gateway IP address Type IP address name Remote emulation gateway name Type A string of alphanumeric characters with space between them Example textset threat prevention threat emulation additional remote emulator n...

Page 1139: ...ion additional remote emulator SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1139 show threat prevention threat emulation additional remote emulator Show all gateways that are configured as additional private emulation gateways ...

Page 1140: ...reat prevention threat emulation additional remote emulator Description Show all gateways that are configured as additional private emulation gateways Syntax show threat prevention threat emulation additional remote emulator Parameters Parameter Description n a Example show threat prevention threat emulation additional remote emulator ...

Page 1141: ...scription Show all gateways that are configured as additional private emulation gateways Syntax show threat prevention threat emulation additional remote emulator name name Parameters Parameter Description name Remote emulation gateway name Type A string of alphanumeric characters with space between them Example show threat prevention threat emulation additional remote emulator name several words ...

Page 1142: ... threat emulation file types revert actions to default Description Reverts all actions on specific file types to their default value in the factory settings Syntax set threat prevention threat emulation file types revert actions to default Parameters Parameter Description n a Example set threat prevention threat emulation file types revert actions to default ...

Page 1143: ...threat prevention threat emulation SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1143 threat prevention threat emulation ...

Page 1144: ...tion file type extension action action description description Parameters Parameter Description action Indicates the action when the file type is detected Options bypass inspect description The file description Type A string that contains less than 257 characters of this set 0 9 a z or extension File extension that represents this file type Type A string of alphanumeric characters without space be...

Page 1145: ...on Shows the Threat Emulation where applicable configuration for a specific file type Syntax show threat prevention threat emulation file type extension Parameters Parameter Description extension File extension that represents this file type Type A string of alphanumeric characters without space between them Example show threat prevention threat emulation file type word ...

Page 1146: ... 1146 show threat prevention threat emulation file types Description Shows the Threat Emulation where applicable configuration for all specific file types Syntax show threat prevention threat emulation file types Parameters Parameter Description n a Example show threat prevention threat emulation file types ...

Page 1147: ...evention threat emulation policy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1147 set threat prevention threat emulation policy Configures a policy specific to the Threat Emulation blade where applicable ...

Page 1148: ...is completed Options background hold connection handling mode smtp Indicates the strictness mode of the Threat Emulation engine over SMTP Back ground connections are allowed while the file emulation runs if needed Hold connections are blocked until the file emulation is completed Options background hold detect mode Indicates if the Threat Emulation blade is set to Detect Only mode Type Boolean tru...

Page 1149: ...ies R80 20 05 CLI Reference Guide 1149 Example set threat prevention threat emulation policy mode true detect mode true scope incoming interfaces all protocol http true protocol mail true connection handling mode http background connection handling mode smtp background ...

Page 1150: ...tion Configures advanced settings for the Threat Emulation blade where applicable Syntax set threat prevention threat emulation policy advanced settings connection handling mode smtp connection handling mode smtp Parameters Parameter Description n a Example set threat prevention threat emulation policy advanced settings connection handling mode smtp background ...

Page 1151: ...show threat prevention threat emulation policy SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1151 show threat prevention threat emulation policy Shows the policy of the Threat Emulation policy ...

Page 1152: ... 05 CLI Reference Guide 1152 show threat prevention threat emulation policy Description Shows the policy of the Threat Emulation policy Syntax show threat prevention threat emulation policy Parameters Parameter Description n a Example show threat prevention threat emulation policy ...

Page 1153: ...e 1153 show threat prevention threat emulation policy Description Shows advanced settings of the Threat Emulation policy Syntax show threat prevention threat emulation policy advanced settings Parameters Parameter Description n a Example show threat prevention threat emulation policy advanced settings ...

Page 1154: ...threat prevention whitelist SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1154 threat prevention whitelist ...

Page 1155: ...ation blade where applicable Syntax add threat prevention whitelist mail email address email address type type Parameters Parameter Description email address The email address of the recipient or sender Type Email address type The type of the email address recipient sender or both Options recipient sender both Example add threat prevention whitelist mail email address MyEmail mail com type recipie...

Page 1156: ...LI Reference Guide 1156 show threat prevention whitelist files Description Shows the list of whitelist files md5sum for the Threat Prevention blades Syntax show threat prevention whitelist files Parameters Parameter Description n a Example show threat prevention whitelist files ...

Page 1157: ...t mail Description Deletes an excluded mail address for the Threat Emulation blade where applicable Syntax delete threat prevention whitelist mail email address Parameters Parameter Description email address The email address of the recipient or sender Type Email address Example delete threat prevention whitelist mail MyEmail mail com ...

Page 1158: ...he Threat Emulation blade where applicable Syntax set threat prevention whitelist mail email address type type Parameters Parameter Description email address The email address of the recipient or sender Type Email address type The type of the email address recipient sender or both Options recipient sender both Example set threat prevention whitelist mail MyEmail mail com type recipient ...

Page 1159: ...mail Description Shows the setting for a whitelist email address set for the Threat Prevention blades Syntax show threat prevention whitelist mail email address Parameters Parameter Description email address The email address of the recipient or sender Type Email address Example show threat prevention whitelist mail MyEmail mail com ...

Page 1160: ...e Guide 1160 delete threat prevention whitelist mails Description Deletes all excluded mail addresses for the Threat Emulation blade where applicable Syntax delete threat prevention whitelist mails all Parameters Parameter Description n a Example delete threat prevention whitelist mails all ...

Page 1161: ...LI Reference Guide 1161 show threat prevention whitelist mails Description Shows the whitelist email addresses set for the Threat Prevention blades Syntax show threat prevention whitelist mails Parameters Parameter Description n a Example show threat prevention whitelist mails ...

Page 1162: ...luded file for Threat Prevention blades according to md5 Syntax add threat prevention whitelist type file md5 md5 Parameters Parameter Description md5 MD5 encryption for the file in the whitelist Type MD5 checksum of a file Contains only a f and 0 9 characters and of exact length of 32 Example add threat prevention whitelist type file md5 d41d8cd98f00b204e9800998ecf8427e ...

Page 1163: ...delete threat prevention whitelist type file SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1163 delete threat prevention whitelist type file Deletes excluded files for Threat Prevention blades ...

Page 1164: ...n excluded file for Threat Prevention blades by md5 Syntax delete threat prevention whitelist type file md5 md5 Parameters Parameter Description md5 MD5 encryption for the file in the whitelist Type MD5 checksum of a file Contains only a f and 0 9 characters and of exact length of 32 Example delete threat prevention whitelist type file md5 d41d8cd98f00b204e9800998ecf8427e ...

Page 1165: ...I Reference Guide 1165 delete threat prevention whitelist type file Description Removes all excluded files for Threat Prevention blades Syntax delete threat prevention whitelist type file all Parameters Parameter Description n a Example delete threat prevention whitelist type file all ...

Page 1166: ...e 1166 add threat prevention whitelist type url Description Adds a new excluded URL for Threat Prevention blades Syntax add threat prevention whitelist type url url url Parameters Parameter Description url URL Type URL Example add threat prevention whitelist type url url http somehost example com ...

Page 1167: ...delete threat prevention whitelist type url SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1167 delete threat prevention whitelist type url Deletes excluded URLs for Threat Prevention blades ...

Page 1168: ...168 delete threat prevention whitelist type url Description Removes an excluded URL for Threat Prevention blades Syntax delete threat prevention whitelist type url url url Parameters Parameter Description url URL Type URL Example delete threat prevention whitelist type url url http somehost example com ...

Page 1169: ...LI Reference Guide 1169 delete threat prevention whitelist type url Description Removes all excluded URLs for Threat Prevention blades Syntax delete threat prevention whitelist type url all Parameters Parameter Description n a Example delete threat prevention whitelist type url all ...

Page 1170: ...20 05 CLI Reference Guide 1170 show threat prevention whitelist urls Description Shows the whitelist URLs set for the Threat Prevention blades Syntax show threat prevention whitelist urls Parameters Parameter Description n a Example show threat prevention whitelist urls ...

Page 1171: ...ui settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1171 ui settings ...

Page 1172: ...set ui settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1172 set ui settings Configures customizations that can be done for the administration portal ...

Page 1173: ...ustom webui logo url custom webui logo url Parameters Parameter Description custom webui logo url Clicking the company logo in the web interface opens this URL Type urlWithHttp use custom webui logo The company logo is displayed on the appliance s web interface and on its login page The customized logo should follow the size restrictions in order to be displayed properly Type Boolean true false Ex...

Page 1174: ...ne for the administration portal Syntax set ui settings advanced settings AboutConfigCustomLogos custom webui logo url custom webui logo url use custom webui logo use custom webui logo Parameters Parameter Description n a Example set ui settings advanced settings AboutConfigCustomLogos custom webui logo url urlWithHttp use custom webui logo true ...

Page 1175: ...show ui settings SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1175 show ui settings Shows web interface settings and customizations ...

Page 1176: ...B 1500 Appliance Series R80 20 05 CLI Reference Guide 1176 show ui settings Description Shows web interface settings and customizations Syntax show ui settings Parameters Parameter Description n a Example show ui settings ...

Page 1177: ...nce Series R80 20 05 CLI Reference Guide 1177 show ui settings Description Shows web Interface advanced settings Syntax show ui settings advanced settings Parameters Parameter Description n a Example show ui settings advanced settings ...

Page 1178: ...usb modem advanced SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1178 usb modem advanced ...

Page 1179: ...d product id Parameters Parameter Description field name Name Type A string that contains a z A Z 0 9 _ field value Value Type A string that contains a z A Z 0 9 _ is any device Does paramter apply to all devices Type Boolean true false product id Product ID Type A hexadecimal string vendor id Vendor ID Type A hexadecimal string Example add usb modem advanced field name usb_advanced_config_name fi...

Page 1180: ... Reference Guide 1180 delete usb modem advanced Description Delete an existing USB modem advanced entry Syntax delete usb modem advanced id Parameters Parameter Description id id Type A number with no fractional part integer Example delete usb modem advanced 1000000 ...

Page 1181: ...nce Series R80 20 05 CLI Reference Guide 1181 delete usb modem advanced all Description Delete all existing USB modem advanced entries Syntax delete usb modem advanced all Parameters Parameter Description n a Example delete usb modem advanced all ...

Page 1182: ...ameter Description field name Name Type A string that contains a z A Z 0 9 _ field value Value Type A string that contains a z A Z 0 9 _ id id Type A number with no fractional part integer is any device Does parameter apply to all devices Type Boolean true false product id Product ID Type A hexadecimal string vendor id Vendor ID Type A hexa decimal string Example set usb modem advanced 1000000 fie...

Page 1183: ...00 Appliance Series R80 20 05 CLI Reference Guide 1183 show usb modem advanced Description Show existing USB modem advanced entries Syntax show usb modem advanced Parameters Parameter Description n a Example show usb modem advanced ...

Page 1184: ...Series R80 20 05 CLI Reference Guide 1184 show usb modem advanced table Description Show the existing USB modem advanced entries in a table Syntax show usb modem advanced table Parameters Parameter Description n a Example show usb modem advanced table ...

Page 1185: ...usb modem info SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1185 usb modem info ...

Page 1186: ... SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1186 show usb modem info Description Show existing USB modem information Syntax show usb modem info Parameters Parameter Description n a Example show usb modem info ...

Page 1187: ...pliance Series R80 20 05 CLI Reference Guide 1187 show usb modem info table Description Show existing USB modem information in a table Syntax show usb modem info table Parameters Parameter Description n a Example show usb modem info table ...

Page 1188: ...usb modem watchdog SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1188 usb modem watchdog ...

Page 1189: ...watchdog SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1189 set usb modem watchdog Configures the internet probing if probing is enabled to automatically detect and fix 3G 4G internet connectivity problems ...

Page 1190: ...hdog Description Configures the internet probing if probing is enabled to automatically detect and fix 3G 4G internet connectivity problems Syntax set usb modem watchdog advanced settings interval interval Parameters Parameter Description n a Example set usb modem watchdog advanced settings interval 10 ...

Page 1191: ...m watchdog Description Configures the internet probing if probing is enabled to automatically detect and fix 3G 4G internet connectivity problems Syntax set usb modem watchdog advanced settings mode mode Parameters Parameter Description n a Example set usb modem watchdog advanced settings mode off ...

Page 1192: ...rence Guide 1192 show usb modem watchdog Description Shows configuration for additional health monitoring functionality to USB modems Syntax show usb modem watchdog advanced settings Parameters Parameter Description n a Example show usb modem watchdog advanced settings ...

Page 1193: ...set used ad group SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1193 set used ad group Configures settings of a user group defined in the AD server ...

Page 1194: ...e AD server This is relevant only if the user group is defined with VPN remote access privileges Syntax set used ad group name name add bookmark label bookmark label Parameters Parameter Description bookmark label Text for the bookmark in the SSL Network Extender portal name Group name Type Active Directory group name Example set used ad group name my AD group add bookmark label myLabel ...

Page 1195: ...he AD server This is relevant only if the user group is defined with VPN remote access privileges Syntax set used ad group name name remove bookmark label bookmark label Parameters Parameter Description bookmark label Text for the bookmark in the SSL Network Extender portal name Group name Type Active Directory group name Example set used ad group name my AD group remove bookmark label myLabel ...

Page 1196: ...user awareness SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1196 user awareness ...

Page 1197: ...set user awareness SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1197 set user awareness Configures settings for the User Awareness blade ...

Page 1198: ... mode Parameters Parameter Description ad queries mode Indicates if User Awareness seamlessly queries the AD Active Directory servers to get user information Type Boolean true false browser based authentication mode Indicates if User Awareness uses a portal to identify locally defined users or as a backup to other identification methods Type Boolean true false mode User Awareness mode true for on ...

Page 1199: ...9 set user awareness Description Configures advanced settings for the User Awareness blade Syntax set user awareness advanced settings association timeout association timeout Parameters Parameter Description n a Example set user awareness advanced settings association timeout 10 ...

Page 1200: ...00 set user awareness Description Configures advanced settings for the User Awareness blade Syntax set user awareness advanced settings assume single user assume single user Parameters Parameter Description n a Example set user awareness advanced settings assume single user true ...

Page 1201: ...r based authentication SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1201 set user awareness browser based authentication Configures settings for browser based authentication captive portal by the User Awareness blade ...

Page 1202: ...out on portal close Parameters Parameter Description agreement text The conditions shown to the users to agree to Type A string that contains only printable characters block unauthenticated non web traffic When true users using non HTTP traffic are forced to login first through Browser Based Authentication Type Boolean true false log out on portal close When true the user is forced to keep the por...

Page 1203: ...t agree to the legal conditions Type Boolean true false session timeout Session timeout duration in minutes for browser based authentication Type A number with no fractional part integer Units should be entered in minutes Example set user awareness browser based authentication redirect upon destinations manually defined redirect upon destination internet true redirect upon destinations net o true ...

Page 1204: ...reness browser based authentication Description Configures network objects to be used in the User Awareness blade Syntax set user awareness browser based authentication add net obj net obj Parameters Parameter Description net obj Network object name Example set user awareness browser based authentication add net obj TEXT ...

Page 1205: ...ess browser based authentication Description Configures network objects to be used in the User Awareness blade Syntax set user awareness browser based authentication remove net obj net obj Parameters Parameter Description net obj Network object name Example set user awareness browser based authentication remove net obj TEXT ...

Page 1206: ...et user awareness browser based authentication Description Configures network objects to be used in the User Awareness blade Syntax set user awareness browser based authentication remove all net objs Parameters Parameter Description n a Example set user awareness browser based authentication remove all net objs ...

Page 1207: ...show user awareness SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1207 show user awareness Shows the configuration of the User Awareness blade ...

Page 1208: ...0 Appliance Series R80 20 05 CLI Reference Guide 1208 show user awareness Description Shows the configuration of the User Awareness blade Syntax show user awareness Parameters Parameter Description n a Example show user awareness ...

Page 1209: ... R80 20 05 CLI Reference Guide 1209 show user awareness Description Shows advanced settings of the User Awareness blade Syntax show user awareness advanced settings Parameters Parameter Description n a Example show user awareness advanced settings ...

Page 1210: ...uide 1210 show user awareness browser based authentication Description Shows the browser based authentication configuration of the User Awareness blade Syntax show user awareness browser based authentication Parameters Parameter Description n a Example show user awareness browser based authentication ...

Page 1211: ...t Description Configures advanced settings for the User Awareness blade Syntax set user management advanced settings auto delete expired local users auto delete expired local users Parameters Parameter Description n a Example set user management advanced settings auto delete expired local users true ...

Page 1212: ...grade log SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1212 show upgrade log Description Shows upgrade log files Syntax show upgrade log Parameters Parameter Description n a Example show upgrade log ...

Page 1213: ...e 1213 show used ad group bookmarks Description Show bookmarks configured to a user group defined in AD Syntax show used ad group bookmarks name name Parameters Parameter Description name Group name Type Active Directory group name Example show used ad group bookmarks name my AD group ...

Page 1214: ...m a file on a USB drive or TFTP server Syntax upgrade from usb file usb_file tftp server server filename tftp_file Parameters Parameter Description usb_file Name of software image file on USB drive server Host name or IP address of TFTP server tftp_file Name of software image file on TFTP server Example upgrade from tftp server my tftp server filename my new software ...

Page 1215: ...vpn SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1215 vpn ...

Page 1216: ...vpn SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1216 vpn The vpncommand manages the VPN driver and helps to debug the VPN ...

Page 1217: ...ls the VPN kernel vpnk and connects to the firewall kernel fwk attaching the VPN driver to the Firewall driver Syntax vpn drv on off Parameters Parameter Description on off Starts or stops the VPN kernel Return Value 0 on success 1 on failure Example vpn drv on Output Success shows OK Failure shows an appropriate error message ...

Page 1218: ...ool Description Launches the VPN TunnelUtil tool to n List IKE and IPSec SAs n Delete IKE and IPSec SAs Syntax vpn tunnelutil Parameters Parameter Description n a Return Value 0 on success 1 on failure Example vpn tunnelutil Output Success launches VPN TunnelUtil tool Failure shows an appropriate error message ...

Page 1219: ...n moff Parameters Parameter Description on off Writes debugging information t FWDIR log sfwd elg TOPIC level Sets level of debugging for a particular topic This argument can only be used afte on o trunc ikeon ikeoff Writes IKE packet information int FWDIR log ike elg trunc Writes bot sfwd elg an ike elg but first clears the files mon moff Writes raw IKE packets t FWDIR log ikemonitor snoop Return ...

Page 1220: ...Debugging VPN SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1220 Example vpn debug on ...

Page 1221: ... vpn Description Delete a configured Virtual Tunnel Interface VTI by tunnel ID Syntax delete vpn tunnel tunnel Parameters Parameter Description tunnel A number identifying the Virtual Tunnel Interface VTI Type A number with no fractional part integer Example delete vpn tunnel 12 ...

Page 1222: ...set vpn SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1222 set vpn Configures existing remote VPN sites ...

Page 1223: ...ode gateway id false enc method enc method use trusted ca use trusted ca match cert ip match cert ip match cert dn true match cert dn string match cert dn string false match cert e mail true match cert e mail string match cert e mail string false link selection probing method link selection probing method name name remote site link selection remote site link selection remote site host name remote ...

Page 1224: ... user name auth method Indicates the type of authentication used when connecting to the remote site Type Press TAB to see available options disable nat Disable NAT for traffic to from the remote site Useful when one of the internal networks contains a server Type Boolean true false enable perfect forward secrecy Ensures that a session key will not be compromised if one of the long term private key...

Page 1225: ...match the E mail string in the certificate to the configured E mail string Type Boolean true false match cert e mail string Indicates the configured E mail string for certificate matching Type Email address match cert ip Indicates if certificate matching should match IP address in the certificate to the site s IP address Type Boolean true false name Site name Type A string that begins with a lette...

Page 1226: ...tatic NAT used by the remote site when configured as such use trusted ca Indicates if a specific trusted CA is used for matching the remote site s certificate or all configured trusted CAs Example set vpn site site17 enabled true remote site enc dom type manually defined enc dom enc profile custom phase1 reneg interval 15 phase2 reneg interval 15 enable perfect forward secrecy true phase2 dh word ...

Page 1227: ...tax set vpn site site add remote site enc dom network obj remote site enc dom network obj Parameters Parameter Description remote site enc dom network obj Network Object name site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 add remote site enc dom network obj TEXT ...

Page 1228: ...x set vpn site site remove all remote site enc dom network obj remote site enc dom network obj Parameters Parameter Description remote site enc dom network obj Network Object name site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove all remote site enc dom network obj TEXT ...

Page 1229: ...ax set vpn site site remove remote site enc dom network obj remote site enc dom network obj Parameters Parameter Description remote site enc dom network obj Network Object name site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove remote site enc dom network obj TEXT ...

Page 1230: ... the link selection functionality Syntax set vpn site site add link selection multiple addrs addr link selection multiple addrs addr Parameters Parameter Description link selection multiple addrs addr IP address site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 add link selection multiple addrs ...

Page 1231: ...et vpn site site remove all link selection multiple addrs addr link selection multiple addrs addr Parameters Parameter Description link selection multiple addrs addr IP address site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove all link selection multiple addrs addr 192 168 1 1 ...

Page 1232: ...the link selection functionality Syntax set vpn site site remove link selection multiple addrs addr link selection multiple addrs addr Parameters Parameter Description link selection multiple addrs addr IP address site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove link selection multiple a...

Page 1233: ... vpn site site add custom enc phase1 enc custom enc phase1 enc Parameters Parameter Description custom enc phase1 enc Encryption algorithm preferences for phase1 in the VPN encryption algorithm which sets the base for phase2 site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 add custom enc phase1...

Page 1234: ...n site site remove all custom enc phase1 enc custom enc phase1 enc Parameters Parameter Description custom enc phase1 enc Encryption algorithm preferences for phase1 in the VPN encryption algorithm which sets the base for phase2 site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove all custom...

Page 1235: ... vpn site site remove custom enc phase1 enc custom enc phase1 enc Parameters Parameter Description custom enc phase1 enc Encryption algorithm preferences for phase1 in the VPN encryption algorithm which sets the base for phase2 site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove custom enc ...

Page 1236: ...ncryption suite Syntax set vpn site site add custom enc phase1 auth custom enc phase1 auth Parameters Parameter Description custom enc phase1 auth Authentication algorithm used for encryption validation site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 add custom enc phase1 auth word ...

Page 1237: ...yption suite Syntax set vpn site site remove all custom enc phase1 auth custom enc phase1 auth Parameters Parameter Description custom enc phase1 auth Authentication algorithm used for encryption validation site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove all custom enc phase1 auth word ...

Page 1238: ...cryption suite Syntax set vpn site site remove custom enc phase1 auth custom enc phase1 auth Parameters Parameter Description custom enc phase1 auth Authentication algorithm used for encryption validation site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove custom enc phase1 auth word ...

Page 1239: ...uite Syntax set vpn site site add custom enc phase1 dh group custom enc phase1 dh group Parameters Parameter Description custom enc phase1 dh group VPN Diffie Hellman key exchange encryption level site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 add custom enc phase1 dh group word ...

Page 1240: ...e Syntax set vpn site site remove all custom enc phase1 dh group custom enc phase1 dh group Parameters Parameter Description custom enc phase1 dh group VPN Diffie Hellman key exchange encryption level site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove all custom enc phase1 dh group word ...

Page 1241: ...uite Syntax set vpn site site remove custom enc phase1 dh group custom enc phase1 dh group Parameters Parameter Description custom enc phase1 dh group VPN Diffie Hellman key exchange encryption level site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove custom enc phase1 dh group word ...

Page 1242: ...suite Syntax set vpn site site add custom enc phase2 enc custom enc phase2 enc Parameters Parameter Description custom enc phase2 enc Encryption algorithm preferences for phase2 in the VPN encryption algorithm site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 add custom enc phase2 enc word ...

Page 1243: ...te Syntax set vpn site site remove all custom enc phase2 enc custom enc phase2 enc Parameters Parameter Description custom enc phase2 enc Encryption algorithm preferences for phase2 in the VPN encryption algorithm site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove all custom enc phase2 enc...

Page 1244: ...uite Syntax set vpn site site remove custom enc phase2 enc custom enc phase2 enc Parameters Parameter Description custom enc phase2 enc Encryption algorithm preferences for phase2 in the VPN encryption algorithm site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove custom enc phase2 enc word ...

Page 1245: ...ncryption suite Syntax set vpn site site add custom enc phase2 auth custom enc phase2 auth Parameters Parameter Description custom enc phase2 auth Authentication algorithm used for encryption validation site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 add custom enc phase2 auth word ...

Page 1246: ...yption suite Syntax set vpn site site remove all custom enc phase2 auth custom enc phase2 auth Parameters Parameter Description custom enc phase2 auth Authentication algorithm used for encryption validation site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove all custom enc phase2 auth word ...

Page 1247: ...cryption suite Syntax set vpn site site remove custom enc phase2 auth custom enc phase2 auth Parameters Parameter Description custom enc phase2 auth Authentication algorithm used for encryption validation site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example set vpn site site17 remove custom enc phase2 auth word ...

Page 1248: ... before you can define the VTI The Peer ID is an alpha numeric character string Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces remote Defines the remote peer IPv4 address used at the peer gateway s point to point virtual interface numbered VTI only Type IP address tunnel A number identifying the Virtual Tunnel Interface VTI Type A num...

Page 1249: ...show vpn SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1249 show vpn Shows VPN site to site configuration ...

Page 1250: ... vpn Description Shows the configuration of a remote VPN site Syntax show vpn site site Parameters Parameter Description site Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example show vpn site site17 ...

Page 1251: ...iption Shows the configuration of a Virtual Tunnel Interface VTI used for route based VPN Syntax show vpn tunnel tunnel Parameters Parameter Description tunnel A number identifying the Virtual Tunnel Interface VTI Type A number with no fractional part integer Example show vpn tunnel 12 ...

Page 1252: ...vpn remote access SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1252 vpn remote access ...

Page 1253: ...set vpn remote access SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1253 set vpn remote access Configures settings for VPN remote access Client to server VPN ...

Page 1254: ...e shared key L2TP Pre Shared Key Type A string of alphanumeric characters without space between them l2tp vpn client Enable VPN remote access clients to connect via native VPN client L2TP Type Boolean true false mobile client Enable VPN remote access mobile clients to connect via Check Point Mobile VPN client Type Boolean true false mode Enable VPN Remote Access Type Boolean true false sslvpn clie...

Page 1255: ...de 1255 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings enc dns traffic enc dns traffic Parameters Parameter Description n a Example set vpn remote access advanced settings enc dns traffic true ...

Page 1256: ...6 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings verify gateway cert verify gateway cert Parameters Parameter Description n a Example set vpn remote access advanced settings verify gateway cert true ...

Page 1257: ...7 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings update topo startup update topo startup Parameters Parameter Description n a Example set vpn remote access advanced settings update topo startup true ...

Page 1258: ...ide 1258 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings keep alive time keep alive time Parameters Parameter Description n a Example set vpn remote access advanced settings keep alive time 15 ...

Page 1259: ...ess Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings endpoint vpn user re auth timeout endpoint vpn user re auth timeout Parameters Parameter Description n a Example set vpn remote access advanced settings endpoint vpn user re auth timeout 15 ...

Page 1260: ... Guide 1260 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings ike over tcp ike over tcp Parameters Parameter Description n a Example set vpn remote access advanced settings ike over tcp true ...

Page 1261: ...1261 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings is udp enc active is udp enc active Parameters Parameter Description n a Example set vpn remote access advanced settings is udp enc active true ...

Page 1262: ...n remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings radius retransmit timeout radius retransmit timeout Parameters Parameter Description n a Example set vpn remote access advanced settings radius retransmit timeout 15 ...

Page 1263: ... 1263 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings om method radius om method radius Parameters Parameter Description n a Example set vpn remote access advanced settings om method radius true ...

Page 1264: ...te access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings snx uninstall on disconnect snx uninstall on disconnect Parameters Parameter Description n a Example set vpn remote access advanced settings snx uninstall on disconnect ask user ...

Page 1265: ...t vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings snx keep alive timeout snx keep alive timeout Parameters Parameter Description n a Example set vpn remote access advanced settings snx keep alive timeout 15 ...

Page 1266: ... Guide 1266 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings snx min tls snx min tls Parameters Parameter Description n a Example set vpn remote access advanced settings snx min tls tls 1 0 ...

Page 1267: ...emote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings snx encryption enable 3des snx encryption enable 3des Parameters Parameter Description n a Example set vpn remote access advanced settings snx encryption enable 3des true ...

Page 1268: ...nce Guide 1268 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings update topo update topo Parameters Parameter Description n a Example set vpn remote access advanced settings update topo 15 ...

Page 1269: ...n remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings use limited auth timeout use limited auth timeout Parameters Parameter Description n a Example set vpn remote access advanced settings use limited auth timeout true ...

Page 1270: ...270 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings auth timeout limit auth timeout limit Parameters Parameter Description n a Example set vpn remote access advanced settings auth timeout limit 15 ...

Page 1271: ...emote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings om enable with multiple if om enable with multiple if Parameters Parameter Description n a Example set vpn remote access advanced settings om enable with multiple if true ...

Page 1272: ...et vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings disconnect enc domain disconnect enc domain Parameters Parameter Description n a Example set vpn remote access advanced settings disconnect enc domain true ...

Page 1273: ... 1273 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings enable back conn enable back conn Parameters Parameter Description n a Example set vpn remote access advanced settings enable back conn true ...

Page 1274: ...1274 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings allow update topo allow update topo Parameters Parameter Description n a Example set vpn remote access advanced settings allow update topo true ...

Page 1275: ... remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings snx encryption enable rc4 snx encryption enable rc4 Parameters Parameter Description n a Example set vpn remote access advanced settings snx encryption enable rc4 true ...

Page 1276: ...6 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings ike ip comp support ike ip comp support Parameters Parameter Description n a Example set vpn remote access advanced settings ike ip comp support true ...

Page 1277: ...ce Guide 1277 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings enc method enc method Parameters Parameter Description n a Example set vpn remote access advanced settings enc method ike v1 ...

Page 1278: ... Guide 1278 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings snx upgrade snx upgrade Parameters Parameter Description n a Example set vpn remote access advanced settings snx upgrade ask user ...

Page 1279: ...emote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings ike support crash recovery ike support crash recovery Parameters Parameter Description n a Example set vpn remote access advanced settings ike support crash recovery true ...

Page 1280: ...iption Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings allow clear traffic while disconnected allow clear traffic while disconnected Parameters Parameter Description n a Example set vpn remote access advanced settings allow clear traffic while disconnected true ...

Page 1281: ...ss Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings allow caching passwords on client allow caching passwords on client Parameters Parameter Description n a Example set vpn remote access advanced settings allow caching passwords on client true ...

Page 1282: ...2 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings prevent ip pool nat prevent ip pool nat Parameters Parameter Description n a Example set vpn remote access advanced settings prevent ip pool nat true ...

Page 1283: ...3 set vpn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings disable office mode disable office mode Parameters Parameter Description n a Example set vpn remote access advanced settings disable office mode true ...

Page 1284: ...pn remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings snx user re auth timeout snx user re auth timeout Parameters Parameter Description n a Example set vpn remote access advanced settings snx user re auth timeout 15 ...

Page 1285: ...n remote access Description Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings allow simultaneous login allow simultaneous login Parameters Parameter Description n a Example set vpn remote access advanced settings allow simultaneous login true ...

Page 1286: ...ption Configures advanced settings for VPN remote access Syntax set vpn remote access advanced settings port visitor mode port visitor mode port reserve port 443 reserve port 443 Parameters Parameter Description n a Example set vpn remote access advanced settings port visitor mode port 8080 reserve port 443 true ...

Page 1287: ...vanced settings for VPN remote access Syntax set vpn remote access advanced settings office mode om perform antispoofing om perform antispoofing single om per site single om per site Parameters Parameter Description n a Example set vpn remote access advanced settings office mode om perform antispoofing true single om per site true ...

Page 1288: ...tings for VPN remote access Syntax set vpn remote access advanced settings visitor mode enable visitor mode all enable visitor mode all visitor mode interface visitor mode interface Parameters Parameter Description n a Example set vpn remote access advanced settings visitor mode enable visitor mode all all visitor mode interface 192 168 1 1 ...

Page 1289: ...show vpn remote access SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1289 show vpn remote access Shows configuration of remote access VPN ...

Page 1290: ...500 Appliance Series R80 20 05 CLI Reference Guide 1290 show vpn remote access Description Shows configuration of remote access VPN Syntax show vpn remote access Parameters Parameter Description n a Example show vpn remote access ...

Page 1291: ... R80 20 05 CLI Reference Guide 1291 show vpn remote access Description Shows advanced settings of remote access VPN Syntax show vpn remote access advanced settings Parameters Parameter Description n a Example show vpn remote access advanced settings ...

Page 1292: ...dicates if Internet traffic from connected clients will be routed first through this gateway Type Boolean true false dns domain mode Indicates if remote access clients use the domain name configured under DNS network settings of the device or a manually configured domain name Type Boolean true false dns primary Configure manually office mode first DNS Type IP address dns secondary Configure manual...

Page 1293: ... if the remote access clients will use this gateway as a DNS server Applicable only when encryption domain is calculated automatically Type Boolean true false Example set vpn remote access advanced om network ip 172 16 10 0 om subnet mask 255 255 255 0 default route through this gateway true enc dom manual use this gateway as dns server true dns primary 192 168 1 1 dns secondary 192 168 1 1 dns te...

Page 1294: ...ce Series R80 20 05 CLI Reference Guide 1294 show vpn remote access advanced Description Shows advanced settings of remote access VPN Syntax show vpn remote access advanced Parameters Parameter Description n a Example show vpn remote access advanced ...

Page 1295: ...ote access advanced enc dom obj manual SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1295 set vpn remote access advanced enc dom obj manual Configures manual encryption domain for VPN remote access users ...

Page 1296: ...te access advanced enc dom obj manual Description Adds a network object to the manual encryption domain of VPN remote access Syntax set vpn remote access advanced enc dom obj manual add name name Parameters Parameter Description name Network Object name Example set vpn remote access advanced enc dom obj manual add name TEXT ...

Page 1297: ...ess advanced enc dom obj manual Description Removes a network object from the manual encryption domain of VPN remote access Syntax set vpn remote access advanced enc dom obj manual remove name name Parameters Parameter Description name Network Object name Example set vpn remote access advanced enc dom obj manual remove name TEXT ...

Page 1298: ...vpn site SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1298 vpn site ...

Page 1299: ...add vpn site SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1299 add vpn site Description Adds a new remote VPN site for VPN site to site ...

Page 1300: ...add vpn site SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1300 Syntax ...

Page 1301: ...e aggressive mode DH group aggressive mode DH group aggressive mode enable peer id true aggressive mode peer id type aggressive mode peer id type aggressive mode peer id aggressive mode peer id false aggressive mode enable gateway id true aggressive mode gateway id type aggressive mode gateway id type aggressive mode gateway id aggressive mode gateway id false false enc method enc method use trust...

Page 1302: ...ype Indicates the type of gateway ID that will be used for matching when configured Options domain name user name aggressive mode peer id The peer ID that will be used for matching when configured to Type vpnAggressiveModePeerId aggressive mode peer id type Indicates the type of peer ID that will be used for matching when configured Options domain name user name auth method Indicates the type of a...

Page 1303: ...or link selection when multiple IP addresses are configured for the remote site Options ongoing one time match cert dn Indicates if certificate matching should match the DN string in the certificate to the configured DN string Type Boolean true false match cert dn string Indicates the configured DN string for certificate matching Type String match cert e mail Indicates if certificate matching shou...

Page 1304: ... with no fractional part integer remote site enc dom type The method of defining the remote site s encryption domain Options manually defined enc dom route all traffic to site route based vpn enc dom hidden behind remote site remote site host name Indicates the host name of the remote site Type An IP address or host name remote site ip address Indicates the IP address of the remote site Type IP ad...

Page 1305: ...v1 use trusted ca TEXT match cert ip true match cert dn true match cert dn string TEXT match cert e mail true match cert e mail string MyEmail mail com link selection probing method ongoing auth method preshared secret password vpnPassword enabled true remote site enc dom type manually defined enc dom enc profile custom phase1 reneg interval 15 phase2 reneg interval 15 enable perfect forward secre...

Page 1306: ...delete vpn site SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1306 delete vpn site Delete VPN sites ...

Page 1307: ... vpn site Description Delete an existing VPN site by name Syntax delete vpn site name name Parameters Parameter Description name Site name Type A string that begins with a letter and contains up to 32 alphanumeric 0 9 a z _ characters without spaces Example delete vpn site name site17 ...

Page 1308: ...ite SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1308 delete vpn site Description Delete all existing VPN sites Syntax delete vpn site all Parameters Parameter Description n a Example delete vpn site all ...

Page 1309: ...ites SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1309 show vpn sites Description Show all configured remote VPN sites Syntax show vpn sites Parameters Parameter Description n a Example show vpn sites ...

Page 1310: ...vpn site to site SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1310 vpn site to site ...

Page 1311: ...set vpn site to site SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1311 set vpn site to site Configure global settings for VPN site to site ...

Page 1312: ...emote sites by default A I Options block accept local encryption domain Indicates if the local encryption domain is configured manually or determined automatically using the local networks Options auto manual manual source ip address A manually configured source IP address to be used if configured to for VPN tunnels Type IP address mode Indicates whether or not VPN site to site is active Type Bool...

Page 1313: ...esponder mode Once checked DPD responder mode will be enabled otherwise permanent tunnel based on DPD mode will be enabled Type Boolean true false Example set vpn site to site mode true default access to lan block track none local encryption domain auto manual source ip address 192 168 1 1 source ip address selection automatically outgoing interface selection routing table use dpd responder mode t...

Page 1314: ...te Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings sync sa with other cluster members sync sa with other cluster members Parameters Parameter Description n a Example set vpn site to site advanced settings sync sa with other cluster members 15 ...

Page 1315: ...ite Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings keep dont fragment flag on packet keep dont fragment flag on packet Parameters Parameter Description n a Example set vpn site to site advanced settings keep dont fragment flag on packet true ...

Page 1316: ...o site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings delete ipsec sas on ikes delete delete ipsec sas on ikes delete Parameters Parameter Description n a Example set vpn site to site advanced settings delete ipsec sas on ikes delete true ...

Page 1317: ...pn site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings period after crl not valid period after crl not valid Parameters Parameter Description n a Example set vpn site to site advanced settings period after crl not valid 2 ...

Page 1318: ... Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings log notification for administrative actions log notification for administrative actions Parameters Parameter Description n a Example set vpn site to site advanced settings log notification for administrative actions none ...

Page 1319: ... Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings udp encapsulation for firewalls and proxies udp encapsulation for firewalls and proxies Parameters Parameter Description n a Example set vpn site to site advanced settings udp encapsulation for firewalls and proxies true ...

Page 1320: ...site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings copy diff serv from ipsec packet copy diff serv from ipsec packet Parameters Parameter Description n a Example set vpn site to site advanced settings copy diff serv from ipsec packet true ...

Page 1321: ...o site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings log vpn successful key exchange log vpn successful key exchange Parameters Parameter Description n a Example set vpn site to site advanced settings log vpn successful key exchange none ...

Page 1322: ...site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings dpd triggers new ike negotiation dpd triggers new ike negotiation Parameters Parameter Description n a Example set vpn site to site advanced settings dpd triggers new ike negotiation true ...

Page 1323: ...to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings log vpn packet handling errors log vpn packet handling errors Parameters Parameter Description n a Example set vpn site to site advanced settings log vpn packet handling errors none ...

Page 1324: ... 1324 set vpn site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings keep ikesa keys keep ikesa keys Parameters Parameter Description n a Example set vpn site to site advanced settings keep ikesa keys do not keep ...

Page 1325: ...pn site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings permanent tunnel up track permanent tunnel up track Parameters Parameter Description n a Example set vpn site to site advanced settings permanent tunnel up track none ...

Page 1326: ...pn site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings tunnel test from internal tunnel test from internal Parameters Parameter Description n a Example set vpn site to site advanced settings tunnel test from internal true ...

Page 1327: ...1327 set vpn site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings vpn tunnel sharing vpn tunnel sharing Parameters Parameter Description n a Example set vpn site to site advanced settings vpn tunnel sharing hosts ...

Page 1328: ...ion Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings vpn configuration and key exchange errors vpn configuration and key exchange errors Parameters Parameter Description n a Example set vpn site to site advanced settings vpn configuration and key exchange errors none ...

Page 1329: ...1329 set vpn site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings reply from same ip reply from same ip Parameters Parameter Description n a Example set vpn site to site advanced settings reply from same ip true ...

Page 1330: ...0 set vpn site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings no local dns encrypt no local dns encrypt Parameters Parameter Description n a Example set vpn site to site advanced settings no local dns encrypt true ...

Page 1331: ...vpn site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings is admin access agnostic is admin access agnostic Parameters Parameter Description n a Example set vpn site to site advanced settings is admin access agnostic true ...

Page 1332: ...et vpn site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings period before crl valid period before crl valid Parameters Parameter Description n a Example set vpn site to site advanced settings period before crl valid 5 ...

Page 1333: ...e to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings maximum concurrent vpn tunnels maximum concurrent vpn tunnels Parameters Parameter Description n a Example set vpn site to site advanced settings maximum concurrent vpn tunnels 5 ...

Page 1334: ...e Guide 1334 set vpn site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings limit open sas limit open sas Parameters Parameter Description n a Example set vpn site to site advanced settings limit open sas 5 ...

Page 1335: ...site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings permanent tunnel down track permanent tunnel down track Parameters Parameter Description n a Example set vpn site to site advanced settings permanent tunnel down track none ...

Page 1336: ... set vpn site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings enable link selection enable link selection Parameters Parameter Description n a Example set vpn site to site advanced settings enable link selection true ...

Page 1337: ...scription Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings check validity of ipsec reply packets check validity of ipsec reply packets Parameters Parameter Description n a Example set vpn site to site advanced settings check validity of ipsec reply packets true ...

Page 1338: ...site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings ike dos protection unknown sites ike dos protection unknown sites Parameters Parameter Description n a Example set vpn site to site advanced settings ike dos protection unknown sites none ...

Page 1339: ...to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings ike dos protection known sites ike dos protection known sites Parameters Parameter Description n a Example set vpn site to site advanced settings ike dos protection known sites none ...

Page 1340: ...e Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings maximum concurrent ike negotiations maximum concurrent ike negotiations Parameters Parameter Description n a Example set vpn site to site advanced settings maximum concurrent ike negotiations 20 ...

Page 1341: ... set vpn site to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings log vpn outgoing link log vpn outgoing link Parameters Parameter Description n a Example set vpn site to site advanced settings log vpn outgoing link none ...

Page 1342: ...o site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings delete ike sas from a dead peer delete ike sas from a dead peer Parameters Parameter Description n a Example set vpn site to site advanced settings delete ike sas from a dead peer true ...

Page 1343: ...to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings timeout for an rdp packet reply timeout for an rdp packet reply Parameters Parameter Description n a Example set vpn site to site advanced settings timeout for an rdp packet reply 15 ...

Page 1344: ...te to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings perform ike using cluster ip perform ike using cluster ip Parameters Parameter Description n a Example set vpn site to site advanced settings perform ike using cluster ip true ...

Page 1345: ...e to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings reply from incoming interface reply from incoming interface Parameters Parameter Description n a Example set vpn site to site advanced settings reply from incoming interface true ...

Page 1346: ...site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings ike use largest possible subnets ike use largest possible subnets Parameters Parameter Description n a Example set vpn site to site advanced settings ike use largest possible subnets true ...

Page 1347: ...to site Description Configure advanced settings for VPN site to site Syntax set vpn site to site advanced settings copy diff serv to ipsec packet copy diff serv to ipsec packet Parameters Parameter Description n a Example set vpn site to site advanced settings copy diff serv to ipsec packet true ...

Page 1348: ...shows vpn site to site SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1348 shows vpn site to site Shows configuration of site to site VPN ...

Page 1349: ... 1500 Appliance Series R80 20 05 CLI Reference Guide 1349 show vpn site to site Description Shows configuration of site to site VPN Syntax show vpn site to site Parameters Parameter Description n a Example show vpn site to site ...

Page 1350: ...es R80 20 05 CLI Reference Guide 1350 shows vpn site to site Description Shows advanced settings of site to site VPN Syntax show vpn site to site advanced settings Parameters Parameter Description n a Example show vpn site to site advanced settings ...

Page 1351: ...set vpn site to site enc dom manual SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1351 set vpn site to site enc dom manual Configures manually the local encryption domain for site to site VPN ...

Page 1352: ...2 set vpn site to site enc dom manual Description Adds a network object to the local encryption domain for site to site VPN Syntax set vpn site to site enc dom manual add name name Parameters Parameter Description name Network Object name Example set vpn site to site enc dom manual add name TEXT ...

Page 1353: ...ite to site enc dom manual Description Removes all network objects from the local encryption domain for site to site VPN Syntax set vpn site to site enc dom manual remove all name name Parameters Parameter Description name Network Object name Example set vpn site to site enc dom manual remove all name TEXT ...

Page 1354: ... vpn site to site enc dom manual Description Removes a network object from the local encryption domain for site to site VPN Syntax set vpn site to site enc dom manual remove name name Parameters Parameter Description name Network Object name Example set vpn site to site enc dom manual remove name TEXT ...

Page 1355: ...vpn tunnel SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1355 vpn tunnel ...

Page 1356: ...eference Guide 1356 show vpn tunnel Description Shows all IKE Internet Key Exchange and IPSec Internet Protocol Security SAs Security Associations for the VPN tunnel Syntax show vpn tunnel info Parameters Parameter Description n a Example show vpn tunnel info ...

Page 1357: ... SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1357 show vpn tunnels Description Shows all Virtual Tunnel Interfaces VTIs Syntax show vpn tunnels Parameters Parameter Description n a Example show vpn tunnels ...

Page 1358: ...wlan SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1358 wlan ...

Page 1359: ... delete wlan Description Delete an existing wireless Virtual Access Point VAP by SSID Syntax delete wlan vap vap Parameters Parameter Description vap The name of the Virtual Access Point Type A string that contains A Z 0 9 _ and characters Example delete wlan vap My_Network ...

Page 1360: ...set wlan SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1360 set wlan Configures a virtual access point VAP wireless network in appliance models that contain wireless options ...

Page 1361: ... 05 CLI Reference Guide 1361 set wlan Description Turn on off the first wireless network VAP that was created Syntax set wlan on off Parameters Parameter Description mode The mode of the Virtual Access Point Options on off Example set wlan on ...

Page 1362: ...set wlan Description Configures the SSID of the first wireless network that was created Syntax set wlan ssid ssid Parameters Parameter Description ssid Wireless network name SSID Type A string that contains A Z 0 9 _ and space characters Example set wlan ssid My wireless ...

Page 1363: ... Guide 1363 set wlan Description Configures the first wireless network that was created Syntax set wlan security type security type Parameters Parameter Description security type Security Type Options none WEP WPA2 WPA WPA2 Example set wlan security type none ...

Page 1364: ...rence Guide 1364 set wlan Description Configures the first wireless network that was created Syntax set wlan wpa auth type password password hotspot hotspot Parameters Parameter Description n a Example set wlan wpa auth type password gTd 3 gha_ hotspot on ...

Page 1365: ...ss network that was created Syntax set wlan wpa auth type radius hotspot hotspot Parameters Parameter Description hotspot The Hotspot of the Virtual Access Point Options on off wpa auth type Wireless protected access authentication Type Press TAB to see available options Example set wlan wpa auth type radius hotspot on ...

Page 1366: ...cription Configures the first wireless network that was created Syntax set wlan wpa encryption type wpa encryption type Parameters Parameter Description wpa encryption type Wireless protected access encryption type Options Auto CCMP AES TKIP Example set wlan wpa encryption type Auto ...

Page 1367: ...ription Configures the first wireless network that was created Syntax set wlan assignment assignment Parameters Parameter Description assignment The network assigned to the virtual access point Type A string that contains A Z 0 9 _ and characters Example set wlan assignment My_Network ...

Page 1368: ... Disable an existing wireless network VAP Syntax set wlan vap vap enable disable Parameters Parameter Description mode The mode of the Virtual Access Point Options on off vap The name of the Virtual Access Point Type A string that contains A Z 0 9 _ and characters Example set wlan vap My_Network on ...

Page 1369: ...ng wireless network VAP Syntax set wlan vap vap ssid ssid Parameters Parameter Description ssid Wireless network name SSID Type A string that contains A Z 0 9 _ and space characters vap The name of the Virtual Access Point Type A string that contains A Z 0 9 _ and characters Example set wlan vap My_Network ssid My wireless ...

Page 1370: ...ng wireless network VAP Syntax set wlan vap vap security type security type Parameters Parameter Description security type Security Type Options none WEP WPA2 WPA WPA2 vap The name of the Virtual Access Point Type A string that contains A Z 0 9 _ and characters Example set wlan vap My_Network security type none ...

Page 1371: ... existing wireless network VAP Syntax set wlan vap vap wpa auth type password password hotspot hotspot Parameters Parameter Description vap The name of the Virtual Access Point Type A string that contains A Z 0 9 _ and characters Example set wlan vap My_Network wpa auth type password gTd 3 gha_ hotspot on ...

Page 1372: ...e radius hotspot hotspot Parameters Parameter Description hotspot The Hotspot of the Virtual Access Point Options on off vap The name of the Virtual Access Point Type A string that contains A Z 0 9 _ and characters wpa auth type Wireless protected access authentication Type Press TAB to see available options Example set wlan vap My_Network wpa auth type radius hotspot on ...

Page 1373: ...Syntax set wlan vap vap wpa encryption type wpa encryption type Parameters Parameter Description vap The name of the Virtual Access Point Type A string that contains A Z 0 9 _ and characters wpa encryption type Wireless protected access encryption type Options Auto CCMP AES TKIP Example set wlan vap My_Network wpa encryption type Auto ...

Page 1374: ...yntax set wlan vap vap assignment assignment Parameters Parameter Description assignment The network assigned to the virtual access point Type A string that contains A Z 0 9 _ and characters vap The name of the Virtual Access Point Type A string that contains A Z 0 9 _ and characters Example set wlan vap My_Network assignment My_Network ...

Page 1375: ...VAP Syntax set wlan vap vap advanced settings hide ssid hide ssid station to station station to station wds wds Parameters Parameter Description vap The name of the Virtual Access Point Type A string that contains A Z 0 9 _ and characters Example set wlan vap My_Network advanced settings hide ssid on station to station allow wds on ...

Page 1376: ...able protection of 802 11 management frames refers to the main wireless access point Syntax set wlan main wireless name advanced settings protected mgmt frames on off Parameters Parameter Description main wireless name Name of the main wireless access point Type Press TAB to see available options on off on Enabled off Disabled Example set wlan NANCY wireless advanced settings protected mgmt frames...

Page 1377: ...show wlan SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1377 show wlan Shows configuration for wireless networks relevant to hardware models with wireless ...

Page 1378: ...ow wlan Description Shows configuration for a virtual access point VAP or wireless network Syntax show wlan vap vap Parameters Parameter Description vap The name of the Virtual Access Point Type A string that contains A Z 0 9 _ and characters Example show wlan vap My_Network ...

Page 1379: ...wlan SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1379 show wlan Description Shows configuration of the wireless radio Syntax text show wlan Parameters Parameter Description n a Example show wlan ...

Page 1380: ...wlan radio SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1380 wlan radio ...

Page 1381: ...set wlan radio SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1381 set wlan radio Configures the radio settings of wireless antennas in appliance models that contain wireless options ...

Page 1382: ...untry operation mode operation mode channel channel channel width channel width Parameters Parameter Description channel Channel Options channel channel width Channel width Options auto 20 40 80 country Country Options country operation mode Operation mode Options 11b 11g 11bg 11n 11ng 11ac 11nac Example set wlan radio country albania operation mode 11b channel auto channel width auto ...

Page 1383: ...t wlan radio band band country country operation mode operation mode channel channel channel width channel width Parameters Parameter Description band type Options 5GHz 2 4GHz channel Channel Options channel channel width Channel width Options auto 20 40 80 country Country Options country operation mode Operation mode Options 11b 11g 11bg 11n 11ng 11ac 11nac Example set wlan radio band 5GHz countr...

Page 1384: ...e Series R80 20 05 CLI Reference Guide 1384 set wlan radio Description Enable Disable the wireless radio Syntax set wlan radio off on Parameters Parameter Description mode Wireless radio mode Options off on Example set wlan radio off ...

Page 1385: ...able Disable the wireless radio per band in wireless models that contain a concurrent dual band option using two radio antennas Syntax set wlan radio band band off on Parameters Parameter Description band type Options 5GHz 2 4GHz mode Wireless radio mode Options off on Example set wlan radio band 5GHz off ...

Page 1386: ...ures advanced radio settings for the wireless radio Syntax set wlan radio advanced settings transmitter power transmitter power guard interval guard interval antenna antenna Parameters Parameter Description n a Example set wlan radio advanced settings transmitter power minimum guard interval short antenna auto ...

Page 1387: ...s models that contain a concurrent dual band option using two radio antennas Syntax set wlan radio band band advanced settings transmitter power transmitter power guard interval guard interval antenna antenna Parameters Parameter Description band type Options 5GHz 2 4GHz Example set wlan radio band 5GHz advanced settings transmitter power minimum guard interval short antenna auto ...

Page 1388: ...o SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1388 show wlan radio Description Shows configuration of the wireless radio Syntax show wlan radio Parameters Parameter Description n a Example show wlan radio ...

Page 1389: ...B 1500 Appliance Series R80 20 05 CLI Reference Guide 1389 show wlan statistics Description Shows statistics of the wireless radio Syntax show wlan statistics Parameters Parameter Description n a Example show wlan statistics ...

Page 1390: ...wlan vaps SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1390 wlan vaps ...

Page 1391: ...s were dual antennas are available during configuration of a wireless network the specific band for the network must be selected 2 4Ghz 5Ghz Syntax add wlan vap ssid ssid band band Parameters Parameter Description band Wireless radio transmitter Options 5GHz 2 4GHz ssid Wireless network name SSID Type A string that contains A Z 0 9 _ and space characters Example add wlan vap ssid My wireless band ...

Page 1392: ...00 Appliance Series R80 20 05 CLI Reference Guide 1392 delete wlan vaps Description Delete all existing wireless Virtual Access Points VAP Syntax delete wlan vaps Parameters Parameter Description n a Example delete wlan vaps ...

Page 1393: ...frames Description Enable or disable protection of 802 11 management frames Syntax set wlan vap wireless name advanced settings protected mgmt frames on off Parameters Parameter Description wireless name Name of the wireless network Type Press TAB to see available options on off on Enabled off Disabled Example set wlan vap cp7f7e5168 advanced settings protected mgmt frames off ...

Page 1394: ... as wireless password Syntax set wlan vap vap wpa auth type password set as mac with prefix prefix Parameters Parameter Description vap Name of the VAP that is being edited prefix The authentication type is password set as mac with prefix Example set wlan vap Guest1 wpa auth type password set as mac with prefix aaa ...

Page 1395: ...CLI Reference Guide 1395 show wlan vap wireless Description Show wlan vap wireless networks for which 802 11w is enabled Syntax show wlan vap wireless name Parameters Parameter Description wireless name Name of the wireless network Example show wlan vap MyWiFi ...

Page 1396: ...500 Appliance Series R80 20 05 CLI Reference Guide 1396 show wlan vaps Description Shows all Virtual Access points VAPs or wireless network Syntax show wlan vaps Parameters Parameter Description n a Example show wlan vaps ...

Page 1397: ... Appliance Series R80 20 05 CLI Reference Guide 1397 show wlan vaps statistics Description Shows statistics per Virtual Access Point Syntax show wlan vaps statistics Parameters Parameter Description n a Example show wlan vaps statistics ...

Page 1398: ...zero touch SMB 1500 Appliance Series R80 20 05 CLI Reference Guide 1398 zero touch ...

Page 1399: ...service Default zerotouch checkpoint com Type URL or IP address mode When the mode is set to on the appliance will constantly try to fetch configuration from the Zero Touch server if the First Time Configuration Wizard is not started Options on off Default on verify certificate When verify certificate is set to on the appliance will verify the SSL certificate of the Zero Touch server You are advis...

Page 1400: ...00 Appliance Series R80 20 05 CLI Reference Guide 1400 show zero touch Description Show the parameters configured for the Zero Touch service Syntax show zero touch Parameters Parameter Description n a Example show zero touch ...

Page 1401: ...e gateway will connect to the Zero Touch server and display the received configuration without enforcing it There is an option to store the configuration in the storage zt_ cfg clish file Syntax test zero touch request save config as file Parameters Optional Parameter Description save configuration as file Save received configuration to the storage zt_cfg clish file Example test zero touch request...

Reviews:

No comments

Related manuals for SMB 1500 Series

Fortinet FortiWiFi FortiWiFi-60A Quick Start Manual preview
FortiWiFi FortiWiFi-60A
Brand: Fortinet Pages: 2
ZyXEL Communications Unified Security Gateway ZyWALL 300 Specifications preview
Unified Security Gateway ZyWALL 300
Brand: ZyXEL Communications Pages: 4
PaloAlto Networks PA-4000 Series Hardware Reference Manual preview
PA-4000 Series
Brand: PaloAlto Networks Pages: 28
SonicWALL SuperMassive 9800 AC Installation Manual preview
SuperMassive 9800 AC
Brand: SonicWALL Pages: 2
SonicWALL SOHO Wireless Quick Start Manual preview
SOHO Wireless
Brand: SonicWALL Pages: 2
SonicWALL SMA 7210 Replacement And Installation preview
SMA 7210
Brand: SonicWALL Pages: 2
SonicWALL SSL-IA Hardware Manual preview
SSL-IA
Brand: SonicWALL Pages: 4
SonicWALL Secure Mobile Access 6210 Installation Manual preview
Secure Mobile Access 6210
Brand: SonicWALL Pages: 2
SonicWALL NSa 6700 Quick Start Manual preview
NSa 6700
Brand: SonicWALL Pages: 2
SonicWALL NSa 2700 Quick Start Manual preview
NSa 2700
Brand: SonicWALL Pages: 2
SonicWALL TZ 100 / 200 Quick Start Manual preview
TZ 100 / 200
Brand: SonicWALL Pages: 9
SonicWALL TZ 150 Wireless Getting Started Manual preview
TZ 150 Wireless
Brand: SonicWALL Pages: 37
SonicWALL TZ 190 User Manual preview
TZ 190
Brand: SonicWALL Pages: 46
SonicWALL SuperMassive 9800 Getting Started Manual preview
SuperMassive 9800
Brand: SonicWALL Pages: 76
SonicWALL SonicOS Enhanced 2.2 Administrator'S Manual preview
SonicOS Enhanced 2.2
Brand: SonicWALL Pages: 190

Brands by name

Popular brands

Load more brands