SCProute

SidewinderCommandLineInterfaceReferenceGuide8.
3.
xRevisionB2Tableofcontents1Aboutthecommandlineinterface.
3Aboutthecfcommand.
3Integratedmanualpages.
32Logonatthecommandlineinterface.
53Frequentlyusedcommands.
6Administratoraccounts.
6Anti-virus.
6Audit.
7Configurationbackups.
8DNS.
8Downloads.
9Emergencymaintenancemode(EMM)9Filesystem.
10Firewallself-diagnostics.
10Generalcfcommands.
11HighAvailability.
11Interfaces.
11Licensing.
12Manualpages.
12McAfeeEIA.
13Networking.
13NTP.
14Policy.
14Routing.
15Securityzonesandgroups.
16sendmail.
16Shutdown.
17Softwaremanagement.
17System.
18tcpdump.
19Technicalsupport.
19Texteditorsandviewers.
20TypeEnforcement.
20VPN.
204Availablecfareas.
22Aboutthecommandlineinterface|3AboutthecommandlineinterfaceIfyouareexperiencedwithUNIX,youcanusetheForcepointSidewindercommandlineinterfacetoconfigurethefirewallandperformtroubleshooting.
Thecommandlineinterfacesupportsmanyfirewall-specificcommandsaswellasstandardUNIXcommands.
Forexample,thecfcommandperformsawiderangeoffirewallconfigurationtasks.
Youcanaccessthecommandlineinterfaceusingthesemethods:LocallyattachedconsoleSSHTelnetFormoreinformationaboutthesemethods,seetheForcepointSidewinderProductGuide.
AboutthecfcommandThecf(configurefirewall)commandconfiguresvariousareassuchasrules,zones,andinterfaces.
YoucanusethecfcommandasanalternativetotheAdminConsoletoperformmostadministrationtasks.
Toaccomplishataskusingcf,combinethecfareawiththeappropriatecommand,optionalarguments,andoptionalkeys.
Formoreinformation,seeGeneralcfcommands.
Example:cfzonequerydisplaystheconfiguredsecurityzones.
Tip:YoucanusethecfcommandinscriptstoautomaterepetitiveconfigurationtasksortomakeconfigurationchangeswhentheAdminConsoleisnotavailable.
Thecfcommandsandkeysignoredashes,underscores,andcapitalletters.
Youcanshortenmostcommandsandkeys.
Example:Thesecommandsreturnthesameoutput:cfpolicyquerydest_zone=externalcfpolqdestz=externalNote:Keyvalues—texttotherightoftheequalssign—mightnotignoredashes,underscores,andcapitalletters.
Keyvaluesmightbeshortenedifitrepresentsanenumerationsuchasanobjectname.
Toviewalistofavailablecfareas,enter:cf-hRelatedreferenceGeneralcfcommandsonpage11Usethesecommandstoviewcfmanpagesandcontrolthebehaviorofcfcommands.
IntegratedmanualpagesThecommandlineinterfaceincludesintegratedmanual(man)pagesformostcommands.
Toviewamanpage,typemanfollowedbythenameofacommand,thenpressEnter.
Aboutthecommandlineinterface|4Example:manpingThemanpageforcfprovidesafulldescriptionofallareasavailableinthecfcommandandtheoptionsassociatedwitheacharea.
Toviewthemanpageforthecfcommand,enter:mancfToviewthemanpageforaspecificcfarea,enter:mancf_areaExamples:mancf_policymancf_interfaceTodisplayallcommandsrelatedtoaspecificcommand,enter:man-kcommandLogonatthecommandlineinterface|5LogonatthecommandlineinterfaceYoumustrunthesrolecommandbeforeyoucanusemostcommands.
1.
Atthelogonprompt,typeyourusername,thenpressEnter.
ThePasswordpromptappears.
2.
Typeyourpassword,thenpressEnter.
TheUserdomainpromptappears:firewall_name:User{1}%3.
EnterthesrolecommandtochangetotheAdmndomain.
4.
Whenyouarefinished,entertheexitcommandtoreturntotheUserdomain.
Frequentlyusedcommands|6FrequentlyusedcommandsThissectionlistsbasicUNIXcommandsandcommandsthatarespecifictoSidewinder.
Foradditionalinformationaboutacommand,refertothemanpage.
Foradditionaltroubleshootinginformation,seetheForcepointSidewinderProductGuide.
AdministratoraccountsUsethesecommandstomanageadministratoraccounts.
Table1:AdministratoraccountcommandsCommandDescriptionmancf_adminuserDisplaysthemanpageforcfadminuser.
cfadminuseraddusername=usernamepassword=passwordrole=admindirectory=/home/usernameCreatesanadministratoraccount.
cfadminuseraddusername=usernamepassword=passwordrole=adminrodirectory=/home/usernameCreatesaread-onlyuseraccount.
Note:Theadminroroleisavailableforfirewallsatversion8.
3.
2andlater.
cfadminuserdeleteusername=usernameDeletesanadministratoraccount.
cfadminusermodifyuser=usernamepassword=newpasswordChangesthepasswordforanadministratoraccount.
cfadminuserqueryDisplaystheadministratoruserdatabase.
Anti-virusUsethesecommandstomanagetheanti-virusfeature.
Table2:Anti-viruscommandsCommandDescriptionmancf_antivirusDisplaysthemanpageforcfantivirus.
cfantivirusqueryDisplaystheanti-virusconfiguration.
cfantivirusversionDisplaystheversionoftheanti-virusengineanddetectiondefinition(DAT)files.
cfdaemondrestartagent=virus-scanRestartstheanti-virusengine.
cfantivirusapplyavpatchpatch=patch_nameInstallsananti-virusenginepatchwithoutrestartingthefirewall.
cfantivirusdownloadDownloadsthelatestDATfiles.
Frequentlyusedcommands|7AuditUsethesecommandstoconfigureandviewaudit.
Table3:AuditcommandsCommandDescriptioncfaclsetloglevel=[1–4]Configurestheauditoutputlevelforrulestocontrolwhatislogged:1—Fatalerrorsonly2—[Default]Fatalerrors,majorerrors,anddeniedrules3—Fatalerrors,majorerrors,deniedrules,andallowedrules4—Everything(fortroubleshootingonly)Note:SeethePolicyareaforcommandsaboutrules.
acat>/var/tmp/audit.
txtWritesthecontentsofthebinary/var/log/audit.
rawfiletotheASCIItextfile/var/tmp/audit.
txt.
acat/var/log/audit.
raw.
time1.
time2.
gz>/var/tmp/audit.
txtWritesthecontentsofthespecifiedcompressedbinaryauditfiletotheASCIItextfile/var/tmp/audit.
txt.
acat–kShowsallauditsinrealtime.
acat_acls–dShowsauditsforpolicydeniesinrealtime.
acat_acls–aShowsauditsforpolicyallowsinrealtime.
acat–cDisplaysallthepossibleoptionsforasacap_filter.
showaudit–kpShowsnetprobeauditsinrealtime.
showaudit–kHX.
X.
X.
XShowsauditspertainingtotheIPaddressX.
X.
X.
Xinrealtime.
rollaudit–Rd–wRollslogfiles(suchasaudit.
raw).
cfdaemondenableagent=auditdbdEnablestheauditserver.
Reportswillnotgenerateuntilthisserverisenabled.
cfusageshowtype=report_namehours=[1–24]Displaysausagereportforthespecifiednumberofhours.
cfusageshowtype=report_namedays=[1–180]Displaysausagereportforthespecifiednumberofdays.
mancf_usageDisplaysthemanpageforcfusage.
Thisincludesthelistofusagereports.
cfpassportlistDisplaysthecurrentlyissuedPassports.
blackholedumpListsIPaddressesthatarecurrentlyblackholedbyauditresponsesandIPSresponses.
RelatedreferencePolicyonpage14Frequentlyusedcommands|8Usethesecommandstotroubleshootpolicyissues.
ConfigurationbackupsUsethesecommandstocreateandrestoreconfigurationbackups.
Table4:ConfigurationbackupcommandsCommandDescriptioncfconfigbackuploc=localfilename=filenamekey=passwordSavesaconfigurationbackupinthelocal/var/backups/repositorydirectory.
cfconfigbackuploc=USBfilename=filenamekey=passwordSavesaconfigurationbackuptoaUSBdrive.
cfconfigbackuploc=remoteaddress=destinationuser=usernamepassword=passwordkey=passwordSavesaconfigurationbackuptoaremotehostusingSCP.
cfconfigrestoreloc=locationfilename=filenamekey=passwordRestoresaconfigurationbackup;specifylocal,remote,orUSB.
cfconfigcompareto=filename1from=filename2Displaysthedifferencesbetweentwoconfigurationbackupfiles.
cfconfiggetinfolocation=local/usbfilename=filenameDisplaysmeta-informationaboutthespecifiedconfigurationbackup.
DNSUsethesecommandstoconfigureandtroubleshootDNS.
Table5:DNScommandsCommandDescriptioncfdnsqueryDisplaysthecurrentDNSserverconfiguration.
cfdnsstatusDisplaysthestatusofthefirewall-hostedDNSservers.
cfdaemondrestartagent=named-internetRestartstheInternetDNSserver.
cfdaemondrestartagent=named-unboundRestartstheunboundDNSserver.
cfdnsreloadReloadsDNSzoneandconfigurationfiles.
cfdnsdumpdbWritestheDNSdatabaseinmemorytothefilespecifiedbynamed.
conf.
cfdnstraceEnablesdebugtracingto/var/run/named.
run.
iand/var/run/named.
run.
u.
cfdnsnotraceDisablestracing.
hostnameDisplaysthefirewallhostname.
named-checkconf/etc/named.
conf.
[u/i]ChecksDNSconfigurationfilesyntax.
Frequentlyusedcommands|9CommandDescriptionnamed-checkzonezone/etc/namedb.
[i/u]/file.
dbChecksazonefileforcorrectsyntax.
dighost.
domain.
tldQueriesthedefaultDNSserverinformationabouthost.
domain.
tld.
dig@X.
X.
X.
Xhost.
domain.
tldQueriestheDNSserveratX.
X.
X.
Xforinformationabouthost.
domain.
tld.
digzoneMXQueriesfortheMXrecordofthespecifiedzone.
dig–xX.
X.
X.
XQueriesforthePTRrecordofthespecifiedIPaddress.
tail–f/var/log/daemon.
logDisplayslogspertainingtoDNSinrealtime.
tail–f/var/log/daemon.
log|grepnamedDisplayslogsfornamedinrealtime.
less/etc/named.
conf.
[i/u]ViewstheconfigurationfileforInternet/unboundDNS.
ls/etc/namedb.
[i/u]ListsthedirectorycontainingInternet/unboundzones(.
db).
DownloadsUsethesecommandstodownloadtheapplicationdatabase,Geo-Locationdatabase,andIPSsignatures.
Table6:DownloadcommandsCommandDescriptioncfappdbdownloadDownloadsthelatestapplicationdatabase.
cfappdbversionDisplaysthecurrentversionoftheapplicationdatabase.
cfappdbrollbackRevertstothepreviouslydownloadedapplicationdatabase.
cfgeolocationdownloadDownloadsthelatestGeo-Locationdatabase.
cfgeolocationversionDisplaysthecurrentversionoftheGeo-Locationdatabase.
cfipsdownloadDownloadsIPSsignatures.
cfmessageloadDownloadsthelatestmessagesfromForcepoint.
cfmessageversionDisplaysthecurrentversionoftheloadedmessagesfromForcepoint.
cfmessagelistDisplayscurrentmessagesfromForcepoint.
Emergencymaintenancemode(EMM)Usethesecommandstoenteranduseemergencymaintenancemode.
Table7:EmergencymaintenancemodecommandsCommandDescriptionshutdownnowEntersemergencymaintenancemode(EMM).
cfpolicyrestore_console_accessRestoresdefaultAdminConsoleandLoginConsoleruleswhenyouarelockedoutofthefirewall.
Frequentlyusedcommands|10CommandDescriptionless/var/run/dmesg.
bootDisplaysthelogofsystemmessagesfromthekernel.
mount–aMountsallfilesystemsin/etc/fstab.
fsckChecksallfilesystemslistedin/etc/fstab.
FilesystemUsethesecommandstodisplayfreespaceandfindfilesinthefilesystem.
Table8:FilesystemcommandsCommandDescriptiondf–hDisplaysfreediskspace.
du–a/|sort–nr|moreDisplaysfilesanddirectoriessortedfromlargesttosmallest.
find/–typef–name"*name*"Findsfilesthatincludethetextnameinthefilename.
find/–typef–name"*.
core*"Findsapplicationcorefiles.
ls/var/log/crashDisplayskernelcrashfiles(vmcore.
.
gz).
Firewallself-diagnosticsUsethesecommandstomanagethefirewallself-diagnosticsfeature.
Table9:Firewallself-diagnosticscommandsCommandDescriptioncfmonitordqueryDisplaysthecurrentmonitordconfiguration.
cfmonitordsethot_process_threshold=percentageSetstheCPUusagethresholdforprocesses.
Iftheprocessreachesthatvalue,itisconsideredahotprocess.
cfmonitordsethot_process_audit=on/offWhenenabled,generatesauditorsendanalertwhenaprocessgoeshotovertheconfiguredhot_process_audit_duration.
cfmonitordsethot_process_audit_duration=minutesSetsdurationtowaitbeforegeneratingauditorsendinganalertaboutthehotprocess.
cfmonitordsethot_process_diagnostic=on/offWhenenabled,restartsthehotprocessandgeneratesdiagnosticiftheprocesscontinuestobehotovertheconfiguredhot_process_diagnostic_duration.
cfmonitordsethot_process_diagnostic_duration=minutesSetsdurationtowaitbeforegeneratingdiagnosticsandrestartingthehotprocess.
Frequentlyusedcommands|11GeneralcfcommandsUsethesecommandstoviewcfmanpagesandcontrolthebehaviorofcfcommands.
Table10:cfcommandsCommandDescriptionmancfDisplaysthemanpageforcf.
mancf_areaDisplaysthemanpageforthespecifiedcfarea.
cfareacommandRunsthespecifiedcommand.
cf–iticketIDareacommandMarksthechangescausedbythecommandwiththespecifiedticketID.
cfareaqueryDisplaysthecurrentconfigurationofthespecifiedcfarea.
cf–optionareaqueryModifiestheoutputofthequerycommandbasedonthespecifiedoption:ddelimiter—Displaystheoutputonasingleline,separatingeachelementusingthespecifieddelimiter.
J—Displaystheoutputonasingleline,whichisusefulforpipingittoanothercommand,suchasgrep.
Kkey1,key2—Displaysoutputforthespecifiedkeysonly.
T—Formatstheoutputinatablethatcontainsonecolumnperkey.
HighAvailabilityUsethesecommandstoconfigureandtroubleshootHighAvailability.
Table11:HighAvailabilitycommandsCommandDescriptionmancf_clusterDisplaysthemanpageforcfcluster.
cfclusterfailover_statusDisplaysstatusofthefailoverdaemon.
cfclusterstatusDisplaysthecurrentregistrationanddaemonstatusofthecluster.
cfclusterqueryDisplayspeerreservationsandglobalclustersettings.
tcpdump–pRunstcpdumponaload-sharingHighAvailabilitycluster.
InterfacesUsethesecommandstoconfigurenetworkinterfaces.
Table12:NetworkinterfacecommandsCommandDescriptionmancf_interfaceDisplaysthemanpageforcfinterface.
cfinterfaceqDisplaysthenetworkinterfaceandNICconfiguration.
Frequentlyusedcommands|12CommandDescriptioncfinterfacemodifyname=nameaddresses=IP1/netmask,IP2/netmaskModifiestheIPaddressesassignedtothespecifiedinterface.
cfinterfacemodifyname=namezone=zonenameAssociatestheinterfacewiththespecifiedzone.
cfinterfaceswaphwdevice=NICname1swap_hwdevice=NICname2SwapsconfigurationsettingsbetweentwoNICs,includingtheIPaddress,zones,aliases,andotherconfiguredattributesassociatedwiththeNIC.
cfinterfacemodifyentrytype=nicname=NICnameiftype=mediatypeSetsthemediatypefortheNIC,suchasautoselector1000baseTX.
LicensingUsethesecommandstoviewandconfigurethefirewalllicense.
Table13:LicensingcommandsCommandDescriptioncflicensefeaturesPrintsalistofthecurrentlylicensedfeatures.
cflicenseqShowsthecurrentlicenseconfiguration.
cflicensegetRetrievesmasterkeybasedonlicenseconfiguration.
cflicensesystemIDDisplaysthesystemIDsavailabletobeusedforlicenseactivation.
OnlyonesystemIDcanbeusedtoactivate.
cflicensereadfile=filenameReadsthelicensefromafileformanualactivation.
ManualpagesUsethesecommandstofindandviewmanualpages.
Table14:ManualpagecommandsCommandDescriptionmancommandDisplaysthemanpageforthespecifiedcommand.
mancf_commandDisplaysthemanpageforthespecifiedcfarea.
man–ktermListsallmanpagesthatincludethespecifiedterm.
Note:Thiscommanddoesnotreturncfcommands.
Frequentlyusedcommands|13McAfeeEIAUsethesecommandstotroubleshootMcAfeeEndpointIntelligenceAgent(McAfeeEIA).
Note:TheMcAfeeEIAcommandsareavailableforfirewallsatversion8.
3.
2andlater.
IfyouareusingMcAfeeNetworkIntegrityAgentwithafirewallatversion8.
3.
1orearlier,seethemanpageforcf_nia.
Table15:McAfeeEIAcommandsCommandDescriptioncfeiasetenabled=yes/nodeploy_mode=static/dynamicEnablesordisablestheMcAfeeEIAfeature.
Deploymentmodeisstaticordynamic.
cfeiaqueryDisplaystheMcAfeeEIAconfiguration.
cfeiaqueryallDisplaystheconfigurationsettingsandentriesmadeonthediscoveryandexecutablelists.
cfeiaimportexecutablefilename=filenameAllowstheclassificationexecutableentriestobeimportedfromafile.
cfeiaquerydiscovery_listIndynamicdeployment,displaystheentriesinthediscoverylists.
cfeiaqueryexecutable_listDisplaystheentriesintheexecutableclassificationlists.
cfeiapurgediscovery_listRemovesallentriesfromthehostdiscoverylists.
cfeiapurgeexecutable_listRemovesallentriesfromtheexecutableclassificationlists.
cfeiaflushgti_cacheRemovesallMcAfeeGlobalThreatIntelligence(McAfeeGTI)filereputationentriesfromthelocalfirewallcache.
NetworkingUsethesecommandstoviewnetworkinginformationandtroubleshootnetworkingproblems.
Table16:NetworkingcommandsCommandDescriptionnetstat–inDisplaysstatisticsfornetworkinterfaces.
Tip:Seemannetstatforadditionalflags.
netstat–Iinterface–w5Showslivestatisticsforthespecifiednetworkinterfaceeveryfiveseconds.
ifconfig–aShowscurrentnetworkinterfaceparameters.
ifconfigbridge0etherShowstheMACaddresstableforthetransparentinterface,ifconfigured.
cfinterfaceqDisplaysthenetworkinterfaceandNICconfiguration.
pingX.
X.
X.
XPingsthespecifiedIPaddressfromthefirewall.
arp–aShowsARPtables.
Frequentlyusedcommands|14CommandDescriptionTip:ToaddastaticARPentry,seemanarp.
conf.
arp–dhostnameClearsthespecifiedARPentryfromthefirewall.
NTPUsethesecommandstoconfigureandtroubleshoottheNTP(NetworkTimeProtocol)server.
Table17:NTPcommandsCommandDescriptioncfntpqueryDisplaystheNTPconfiguration.
cfdaemondrestartagent=ntpRestartstheNTPserverforthespecifiedzone.
ntpdate–butime_serverIPForcesimmediatesynchronizationwiththespecifiedNTPserver.
tcpdump–npiinterfaceudpport123CapturesNTPtraffic(UDPport123)onthespecifiednetworkinterface.
ntpqStartsthespecialNTPqueryprogram.
Note:Seemanntpqfordetails.
PolicyUsethesecommandstotroubleshootpolicyissues.
Table18:PolicycommandsCommandDescriptionmancf_policyDisplaysthemanpageforcfpolicy.
cfpolicyq|lessDisplaystheaccesscontrolrules.
cfappdblistDisplaystheapplicationsintheapplicationdatabasethatiscurrentlyloaded.
cfapplicationqueryDisplayscustomapplications.
cfappgroupqueryDisplaysapplicationgroups.
cfgeolocationlistDisplaysGeo-Locationcountriesandcorrespondingcountrycodes.
cfserverstatusDisplayswhichserversarerunning.
cfagentqueryDisplaystheagentsandtheirglobalproperties.
cfappfilterqueryDisplaysallApplicationDefenses.
ipfilter–vDisplaystheipfilterdatabasecurrentlyusedbythekernel.
cfpolicyreloadReloadstheipfilterdatabasebeingusedbythekernel.
Frequentlyusedcommands|15CommandDescriptionCAUTION:Activesessionswillbedropped.
cfpolicyrepairRepairsthepolicydatabase.
cfpolicyrestore_console_accessRestoresdefaultAdminConsoleandLoginConsoleruleswhenyouarelockedoutofthefirewall.
Tip:Ifyouareunabletologontoyourfirewall,runthiscommandfromemergencymaintenancemode.
SeeEmergencymaintenancemode(EMM).
cfpolicyexport>filenameWritesthecurrentpolicyconfigurationtoatab-delimitedfilethatcanbeimportedintoMicrosoftExcel.
cfsslquerytable=ruleDisplaystheSSLrules.
RelatedreferenceEmergencymaintenancemode(EMM)onpage9Usethesecommandstoenteranduseemergencymaintenancemode.
RoutingUsethesecommandstoconfigureandtroubleshootstaticroutes.
Table19:RoutingcommandsCommandDescriptionroute–ngetdestinationDisplaysthegatewayusedtoreachthespecifieddestination.
route–ngetdefaultDisplaysthedefaultroute.
traceroute–ndestinationDisplaystheroutepacketstaketoreachthespecifieddestination.
Tip:ForIPv6addresses,usetraceroute6.
netstat–nrDisplaystheroutingtables,includingstaticroutesandlearnedroutes.
Zonesareidentifiedbyindex.
cfroutestatusDisplaystheroutingtables,includingstaticroutesandlearnedroutes.
Zonesareidentifiedbyname.
cfroutequeryDisplaystheconfiguredstaticroutes.
cfrouteaddroute=host/maskgateway=gatewayAddsastaticroute.
cfroutedeleteroute=host/maskDeletesthespecifiedroute.
Frequentlyusedcommands|16SecurityzonesandgroupsUsethesecommandstomanagezonesandzonegroups.
Table20:ZonecommandsCommandDescriptioncfzonequeryDisplayszoneconfiguration.
cfzonedeletename=nameDeletesthespecifiedzone.
Note:Azonecannotbedeletedifitisreferencedbyanyactivepolicy.
cfzoneaddname=namemodes=0–63Addsanewzone.
Note:Forinformationaboutmodes,seemancf_zone.
regionDisplaysthezoneindexes.
cfzonemodifyname=namenewname=newnameChangesthenameofthespecifiedzone.
cfzonegroupqueryDisplayszonegroupconfiguration.
cfzonegroupdeletename=nameDeletesthespecifiedzonegroup.
Note:Azonegroupcannotbedeletedifitisreferencedbyanyactivepolicy.
cfzonegroupaddname=namemembers=zone1,zone2Createsazonegroup.
cfzonegroupmodifyname=namemembers=zone1,zone2,zone3Addszonestoazonegroup.
sendmailUsethesecommandstotroubleshootsendmailissues.
Table21:sendmailcommandsCommandDescriptioncfsendmailflushqueue=zoneFlushesthemailqueueforthespecifiedzone.
cfsendmailrebuildRebuildsthesendmaildatabasefiles.
cfdaemondrestartagent=sendmailRestartsthesendmailserver.
cfserverstatussendmailDisplaysifsendmailisrunningandinwhichzones.
mailqDisplaysthemailqueues.
tail–f/var/log/maillogDisplaysthemailloginrealtime.
netstat–na|grepLISTEN|grep25Displayslistensonport25.
Frequentlyusedcommands|17CommandDescriptionls/var/spool/mqueue.
#Displaysdirectoryforqueuedmail.
newaliasesRebuildsthe/etc/aliasesfile.
telnetX.
X.
X.
X25ConnectstoamailserverIPaddressonport25totestSMTPconnectivity.
psssendmail|grep-csendmailDisplaysthenumberofsendmailprocessesrunning.
psssendmailDisplaysifsendmailisacceptingconnections.
ShutdownUsethesecommandstoshutdownthefirewall.
Table22:ShutdowncommandsCommandDescriptionshutdown–rnowRestartsthefirewallimmediately.
shutdown–hnowHaltsthefirewallimmediately.
shutdown–pnowTurnsofftheapplianceimmediately.
shutdown–snow+30Schedulesasoftshutdownonaload-sharingfirewalltodirectallconnectionstotheotherfirewall.
Thefirewallwillshutdownin30minutes.
shutdownnowCausesthefirewalltoenteremergencymaintenancemode.
SoftwaremanagementUsethesecommandstomanagesoftwarepackages.
Table23:SoftwaremanagementcommandsCommandDescriptionmancf_packageDisplaysthemanpageforcfpackage.
cfpackagelistDisplaysasummaryofinstalledandloadedsoftwarepackages.
cfpackageloadsource=sourcepackages=package_nameDownloadsthespecifiedpackage.
cfpackageinstallpackages=package_nameInstallsthespecifiedpackage.
cfpackageuninstallpackages=package_nameUninstallsthespecifiedpackage.
cfpackageloadsource=cdrompackages=package_nameLoadsapackagefromaCDinthefirewallopticaldrive.
uname–rDisplaystheversionandpatchlevel.
Frequentlyusedcommands|18SystemUsethesecommandstotroubleshootfirewallsystemissues.
Table24:SystemcommandsCommandDescriptiontopDisplaystopCPUprocesses.
UsethesecommandstoviewCPUstatistics.
top–P—DisplaysperCPUusagestatistics.
top–S—DisplaysconsolidatedCPUusagestatistics.
mannetstatDisplaysthemanpagefornetstat.
netstat–naDisplaysopenports.
netstat–naptcpDisplaysopenTCPports.
lsof–nPi:port#Displayslistensonthespecifiedport#inadifferentformatthannetstat.
sockstat–4lpport#Displayslistensonthespecifiedport#inadifferentformat.
netstat–mDisplaysmemorymanagementinformation.
netstat–nafinetDisplaysallIPv4socketsandconnections.
nestat–nafinet6DisplaysallIPv6socketsandconnections.
netstat–Ana|grepLISTENOutputsprocesseswithaPCBnumber.
Note:Runfstat|grepPCB#tofindtheprocessresponsibleforalisten.
uptimeDisplayssystemuptimesincethelastrestart.
vmstatDisplaysvirtualmemorystatistics.
connect_monDisplaysthenumberofcurrentconnectionsbyservice.
pss|moreDisplaysallrunningprocesses.
pssprocess_nameFindsaspecificprocessanditsprocessID.
dmesgDisplayssystemandhardwareinformationfromthesystembuffer.
kill–HUPpid#RestartsaprocesswithoutchangingtheprocessID.
killpid#TerminatestheprocesswithspecifiedprocessID.
kill–9pid#ForcesaterminationoftheprocesswiththespecifiedprocessID.
setconsoledeviceSelectstheprimaryconsoledevice.
Theavailabledevicesarevideo,serial,both,ordefault(whichisboth).
cfhostnamesetname=newhostnameChangesthefirewallhostname.
Note:Ifyouchangethehostname,additionalconfigurationchangesarealsorequired.
Fordetailedinstructions,seeKnowledgeBasearticle8888.
Frequentlyusedcommands|19tcpdumpUsethesecommandstocapturenetworktraffic.
Table25:tcpdumpcommandsCommandDescriptionmantcpdumpDisplaysthemanpagefortcpdump.
Tip:Seealsohttp://www.
tcpdump.
org.
tcpdump–npiem0hostX.
X.
X.
XDisplayspacketsonthespecifiedinterfacesenttoorreceivedfromthespecifiedhost.
tcpdump–npiem0–Xs1500portyDisplaysupto1,500bytesofpacketheaders(exceptlinklevel)andpacketdataforthespecifiedportonthespecifiedinterface.
tcpdump–npiem0–wfilenameWritesarawpacketdumptofilenameinthecurrentworkingdirectory.
tcpdump–npiem0–wfilename–s0Capturesallbytesandwritesarawpacketdumptofilenameinthecurrentworkingdirectory.
tcpdump–pRunstcpdumpinnon-promiscuousmode.
TechnicalsupportThesecommandsmightbeusefulwhenyoucontacttechnicalsupport.
Table26:TechnicalsupportcommandsCommandDescriptionktrace–ppid#StartsatraceoftheprocesswiththespecifiedprocessID.
ktrace–cpid#Stopsaprocesstrace.
kill–6pid#Terminatesaprocessanddumpsacorefileoftheprocess.
sysctl-wkern.
corefile='%N.
core.
%P'ConfiguresthefirewalltoincludetheprocessIDinthefilenameofcorefiles.
Allowsmultiplecorefilestocoexistwithoutoverwritingeachother.
Note:Usesysctl-wkern.
corefile='%N.
core'toreturntothepreviousoperatingmode.
Frequentlyusedcommands|20TexteditorsandviewersUsethesecommandstoviewandedittextfiles.
Table27:TexteditorandviewercommandsCommandDescriptionvifilenameEditsthespecifiedfilewithvi.
emacsfilenameEditsthespecifiedfilewithemacs.
lessfilenameViewsthecontentsofthespecifiedtextfile.
viewfilenameViewsthecontentsofthespecifiedtextfilewitharead-onlyversionofvi.
catfilenameCreatesordisplaysthespecifiedfile.
editfilenameEditsthespecifiedfilewithedit.
TypeEnforcementUsethesecommandstoviewandmodifyTypeEnforcement.
Table28:TypeEnforcementcommandsCommandDescriptionll(lowercaseL)DisplaysTypeEnforcementforthefilesinthecurrentdirectory.
ps–axZDisplaysTEdomaininformation.
chtypecreator:typefilenameChangestheTypeEnforcementforafile.
VPNUsethesecommandstoviewandtroubleshootVPNs.
Table29:VPNcommandsCommandDescriptioncfipsecqDisplaysallconfiguredVPNs.
cfipsecpolicydumpDisplaysactiveVPNs.
cfipsecreload[flush=1]Flushesallexistingkeysandpolicy,thenreloadstheVPNs.
Note:ThiscommandclosesallopenVPNconnections.
cfpoolqDisplaysclientaddresspools.
showaudit–vkDisplaysauditspertainingtoVPNsinrealtime.
netstat–na|grep500Displayslistensforport500(ISAKMP)connections.
Frequentlyusedcommands|21CommandDescriptiontcpdump–npiem0udpport500orproto50orproto51DisplaysISAKMP,ESP(IPProto50),orAH(IPProto51)trafficonnetworkinterfaceem0.
tcpdump-npiem0udpport4500DisplaysNAT-Ttrafficonnetworkinterfaceem0.
Availablecfareas|22AvailablecfareasThefollowingtableliststhecfareas,showingtheprimarycommandsavailableforeacharea.
Table30:AvailablecfareascfareaAreadescriptionacceleratorManagescryptographicaccelerationdevices.
aclManagestheaccesscontrollist(ACL)daemon.
adminuserManagesadministratoraccounts.
agentConfiguresglobalagentattributesforproxies,servers,andfilters.
antivirusManagestheanti-virusengineandthevirusscanningservice.
appdbManagestheapplicationdatabase.
appfilterManagesindividualApplicationDefensesandApplicationDefensegroups.
appgroupManagesapplicationgroups.
applicationManagescustomapplications.
auditConfiguresauditing,includingauditbot(response),email,filteroptions,andnetworkdefenses.
authManagesauthenticators.
catgroupsManagesIPSsignaturegroups.
certManagescertificates,privatekeys,andcertificateidentities.
clusterDisplaysthecurrentstatusandconnectionstateofaHighAvailabilityclusterandregistersasecondary/standbytoaHighAvailabilityclusterprimary.
cmdConfiguresglobalsettingsforthecertificatemanagementserveronthefirewall.
commandcenterManagesregistrationwithaForcepointSidewinderControlCenterManagementServer.
configCreatesandrestoresconfigurationbackups.
crontabConfiguresthestatus(enabled/disabled)andfrequencyoftheavailablecronjobs.
Note:Forinformationondefaultcronjobs,seeKnowledgeBasearticle9226.
daemondConfiguresdaemondandstopsorrestartsagents.
Note:Disabledagentsremainstoppeduntilthenextpolicyapply.
Apolicyapplyoccurseverytimeachangetorules,ruleelements,orthesystemclockissaved.
dhcrelayManagestheDHCPRelayagent,whichforwardsDHCPandBOOTPrequestsfromonesubnettoanother.
dnsManagesfirewallDNSsettings.
domainManagesdomainnetworkobjects.
eiaManagesMcAfeeEIA.
Thisareaisavailableforfirewallsatversion8.
3.
2andlater.
Availablecfareas|23cfareaAreadescriptionNote:Forfirewallsatversion8.
3.
0or8.
3.
1,usetheniacfcommand.
epoManagesMcAfeeePolicyOrchestratorsettings.
exportManagestheauditexportutility.
externalgroupManagesexternalauthenticationgroups.
fipsEnablesanddisablesFIPS140-2compliancemode,andexaminesthedefault_SSL_certtoverifyFIPS140-2compliance.
geolocationManagesGeo-LocationnetworkobjectsandgeneralGeo-Locationsettings.
hostManageshostnetworkobjects.
hostnameManagesthefirewallhostname.
Note:Ifyouchangethehostname,additionalconfigurationchangesarealsorequired.
Fordetailedinstructions,seeKnowledgeBasearticle8888.
idsManagestheshunningservice.
AvailablesettingsincludeIDSentriesthatspecifyanIPaddressofanIDS(IntrusionDetectionServer),asharedpassword,andatimeoutvaluethatidentifiestheamountofsecondstoshunanIPaddress.
interfaceManagesnetworkinterfaces.
ipaddrManagesIPaddressnetworkobjects.
iprangeManagesIPaddressrangenetworkobjects.
ipsManagesIPSsignatures.
Note:ThisisdifferentfromIPSAttackResponses,whicharecontrolledusingcfaudit.
ipsecManagesVPNdefinitions.
ipsresponseManageshowthefirewallrespondsifitssignature-basedIPSinspectiondetectsanintrusion.
ipssigEnablesordisablesindividualIPSsignatures.
knownhostsManagestheSSHknownhostsdatabase.
lcaManagesthelocal(firewall-hosted)certificateauthority.
Thisfeatureisnotwidelyused.
licenseManagesthefirewalllicense.
messageDisplaysandmanagessettingsformessagesfromForcepoint.
monitordManagessettingsforidentifyingandactingonCPU-intensiveprocesses.
netgroupManagesnetworkobjectgroups(netgroups).
netmapManagesnetmapnetworkobjects.
niaManagesMcAfeeNetworkIntegrityAgentsettings.
Thisareaisavailableforfirewallversion8.
3.
0or8.
3.
1.
Note:Forfirewallsatversion8.
3.
2andlater,usetheeiacfcommand.
Availablecfareas|24cfareaAreadescriptionntpManagestheNTP(NetworkTimeProtocol)server.
packageManagessoftwarepackages.
Note:Avoidusingautorunandautoload,astheyrequirespecificparameterstorun.
Useinstall,uninstall,androllbackinstead.
passportManagesthePassportauthenticator.
policyManagesrulesandrulegroups,andexportsruleelements.
poolManagesclientaddresspoolsusedfordynamicclientaddressinginIPsecVPNdefinitions.
qosManagesQualityofService(QoS)policy.
reportsManagesauditreports.
routeManagesstaticnetworkroutes.
sendmailProvideslimitedutilitiesforsendmail,includingrebuildingdatabasefilesandflushingqueues.
serverDisplaysserverstateinformation.
snmpManagesSimpleNetworkManagementProtocol(SNMP)settings.
smartfilterManagesSmartFilterwebfilteringsettings.
sslManagesSSLrulesandassignsSSLcertificatesforfirewalladministrativesessions(forexample,AdminConsoleconnections).
subnetManagessubnetnetworkobjects.
timeperiodManagestimeperiodobjects.
timezoneConfiguresthetimezone.
trustedsourceManagesMcAfeeGlobalThreatIntelligence(McAfeeGTI)settings.
udbManagestheauthenticationuserdatabase.
upsManagesuninterruptiblepowersupply(UPS)settings.
urltranslationManagesURLtranslationrules.
usageDisplaysusagereports.
usergroupManagesusergroupsthatarestoredintheuserdatabase.
uttManagestheUDPtoTCPtunnelconfiguration.
zoneManagessecurityzones.
zonegroupManagessecurityzonegroups.