Download Complete PDF Send Feedback Print This Page

Previous

Synchronize Contents

Mobile Access Commands

Related Topics

cvpn_ver

listusers

cvpnstop

cvpnstart

cvpnrestart

cvpnd_admin

cvpnd_settings

deleteUserSettings

ics_updates_script

rehash_ca_bundle

admin_wizard

cvpn_ver

Description Shows the version of the Mobile Access Software Blade. Use with fw ver -k to get all version details.

Usage cvpn_ver

listusers

Description Shows a list of end-users connected to the gateway, along with their source IP addresses.

Usage listusers

cvpnstop

Description Stops all Mobile Access blade services.

Usage cvpnstop

Notes: While this command does not terminate sessions, it closes all TCP connections. End-users might lose their work

cvpnstart

Description Starts all Mobile Access blade services.

Usage cvpnstart

cvpnrestart

Description Restarts all Mobile Access blade services.

Usage cvpnrestart [--with-pinger]

Parameters

Parameter

Description

--with-pinger

Restarts the ‘pinger’ service, responsible for ActiveSync and Outlook Web Access push mail notifications.

Notes: While this command does not terminate sessions, it closes all TCP connections. End-users might lose their work

cvpnd_admin

Description A utility to change the behavior of the Mobile Access cvpnd process.

Usage cvpnd_admin [policy [hard] | [debug [off | set… | trace]]

Parameters

Parameter

Description

policy

Updates the Mobile Access services according to the current policy. For Apache services, each httpd process waits until its current request is finished, then exits.

policy hard

Updates the Mobile Access services according to the current policy. For Apache services, all httpd processes exit immediately, terminating current http requests.

debug set TDERROR_ALL_ALL=5

Enables all cvpnd debug output for the running cvpnd process. The output is in $CVPNDIR/log/cvpnd.elg.

Note: Enabling all debug topics might have a small effect on performance.

debug off

Disables all cvpnd debug output.

debug trace on

debug trace users=username

The TraceLogger feature generates full captures of incoming and outgoing authenticated Mobile Access traffic. The output is in: $CVPNDIR/log/trace_log/.

 

debug trace on - Enables the TraceLogger feature for all users.

debug trace users=<username> - Enables the TraceLogger feature for a specified username

Important Notes:

1. The TraceLogger feature has a major effect on performance, because all traffic is saved as files.

2. The feature uses a lot of disk space. After a maximum number of files is output, the oldest files are removed from the disk, which also has a performance cost.

3. TraceLogger creates a security concern: end-user passwords sent to internal resources might appear in the capture files.

appMonitor status

Shows the status of the Application Monitor feature. The application monitor is a software component that monitors internal servers to track their up time.

If problems are found, a system alert log is created.

This command lists the applications monitored by the Application Monitor and their status.

cvpnd_settings

Description Changes a Mobile Access gateway's local configuration file, cvpnd.C.

Usage cvpnd_settings <get|set|add|listAdd|listRemove> <Attribute-Name> [Attribute-Value]

Parameters Run: cvpnd_settings –h for a full explanation of the parameters.

Important - Changes made by the cvpnd_settings command are not saved in gateway upgrades. Keep a backup of your cvpnd.C file after you make manual changes.

deleteUserSettings

Description Deletes all persistent settings (favorites, cookies, credentials) of one or more end-users.

Usage deleteUserSettings [-s] <username1> [<username2> ...]

Parameters

Parameter

Description

-s

Runs in silent mode with no output to the end-user's screen.

ics_updates_script

Description Manually starts an Endpoint Security on Demand (ESOD) update on the gateway. Use this script to troubleshoot ESOD updates.

Usage $CVPNDIR/bin/ics_updates_script <ICS_updates_file_path>

Notes:

  • The script requires an ESOD update package on the gateway.
  • Usually this script is not necessary and you start updates from SmartDashboard. Go to Mobile Access tab > Endpoint Security on Demand > Endpoint Compliance Updates > Update Database Now.
  • Be careful not to run other scripts with the name ics_updates_script, for example, the one in $FWDIR/bin/.

rehash_ca_bundle

Description Imports all of the Certificate Authority (CA) files from the $CVPNDIR/var/ssl/ca-bundle/ directory into the Mobile Access trusted CA bundle.

The trusted CA bundle is used when the Mobile Access gateway accesses an internal server (such as OWA) through HTTPS. If the SSL server certificate of the internal server is not trusted by the gateway, the gateway responds based on the settings for the Internal Web Server Verification feature. The default setting is Monitor.

To accept certificates from a specified server, add its server certificate CA to the CA bundle.

Usage rehash_ca_bundle

admin_wizard

Description Tests connectivity to websites and Exchange server services.

  • For websites: It tests connectivity to the website.
  • For Exchange servers: It tests the response from an Exchange server. It also finds the address protocol (HTTP or HTTPS) and authentication method(Basic or NTLM) of the Exchange server services.

Usage

  • For websites: admin_wizard wizard <website address>
  • For Exchange servers: admin_wizard  exchange_wizard <Exchange server address> <user name> <password> [<parameters>]

Parameters

To enter more than one item within a parameter, separate items with a comma. For example: as,owa

Parameter

Description

[-t <as|ews|owa|all>]

Select the services to test on the Exchange server:

  • as - Test ActiveSync
  • ews -Test Exchange Web Services
  • owa - Search for the Outlook Web Application address of the Exchange server
  • all - Test all of the above services (default)

[-d <dns servers>]

Enter DNS servers

[-x <proxy servers>]

Enter proxy servers

[-c <username:password>]

Enter a user name and password for proxy authentication

[-n]

Allow only NTLM authentication instead of Basic and NTLM

[-m <domain name>]

Enter a user domain name

[-s <ActiveSync path>]

Test a specified ActiveSync service path (default: /Microsoft-Server-ActiveSync)

[-e <EWS path>]

Test a specified Exchange Web Services service path, (default: /EWS/Exchange.asmx)

[-f <file name>]

Write the results to a file

[-r]

Send a request with the configured: proxy, DNS, HTTP protocol, and authentication method.

If [-n] is included, then NTLM authentication method is used. If not, only Basic is used.

[-v]

Make the HTTP requests verbose. The verbose result files go to $CVPNDIR/log/trace_log/

[-p]

Validate the SSL certificate of the web server

 
Top of Page ©2013 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print