connections or VPN tunnels. However, with some IPsec tunnel changes, a reconfiguration will mean
the tunnels are lost and have to be reestablished because the tunnel SAs are no longer valid.
Checking Configuration Integrity
After changing a NetDefendOS configuration and before issuing the activate and commit
commands, it is possible to explicitly check for any problems in a configuration using the command:
gw-world:/> show -errors
This will cause NetDefendOS to scan the configuration about to be activated and list any problems.
A possible problem that might be found in this way is a reference to an IP object in the address book
that does not exist in a restored configuration backup.
Logging off from the CLI
After finishing working with the CLI, it is recommended to logout in order to avoid letting anyone
getting unauthorized access to the system. Log off by using the exit or the logout command.
Configuring Remote Management Access on an Interface
Remote management access may need to be configured through the CLI. Suppose management
access is to be through Ethernet interface if2 which has an IP address 10.8.1.34.
Firstly, we set the values for the IPv4 address objects for if2 which already exist in the
NetDefendOS address book, starting with the interface IP:
gw-world:/> set Address IP4Address if2_ip Address=10.8.1.34
The network IP address for the interface must also be set to the appropriate value:
gw-world:/> set Address IP4Address if2_net Address=10.8.1.0/24
In this example, local IP addresses are used for illustration but these could be public IPv4 addresses
instead.
Next, create a remote HTTP management access object, in this example called HTTP_if2:
gw-world:/> add RemoteManagement RemoteMgmtHTTP HTTP_if2
Interface=if2
Network=all-nets
LocalUserDatabase=AdminUsers
AccessLevel=Admin
HTTP=Yes
If we now activate and commit the new configuration, remote management access via the IPv4
address 10.8.1.34 is now possible using a web browser. If SSH management access is required then
a RemoteMgmtSSH object should be added.
The assumption made with the above commands is that an all-nets route exists to the ISP's gateway.
In other words, Internet access has been enabled for the NetDefend Firewall.
Managing Management Sessions with sessionmanager
The CLI provides a command called sessionmanager for managing management sessions
themselves. The command can be used to manage all types of management sessions, including:
2.1.4. The CLI
Chapter 2. Management and Maintenance
44
Содержание NetDefend DFL-1660
Страница 28: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 28 ...
Страница 88: ...2 6 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 88 ...
Страница 166: ...3 10 DNS Chapter 3 Fundamentals 166 ...
Страница 254: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 254 ...
Страница 268: ...5 4 IP Pools Chapter 5 DHCP Services 268 ...
Страница 368: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 368 ...
Страница 390: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 390 ...
Страница 414: ...8 3 Customizing Authentication HTML Pages Chapter 8 User Authentication 414 ...
Страница 490: ...9 8 6 Specific Symptoms Chapter 9 VPN 490 ...
Страница 528: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 528 ...
Страница 544: ...11 7 HA Advanced Settings Chapter 11 High Availability 544 ...
Страница 551: ...12 3 5 Limitations Chapter 12 ZoneDefense 551 ...
Страница 574: ...Default 512 13 9 Miscellaneous Settings Chapter 13 Advanced Settings 574 ...
Страница 575: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 575 ...