Mobile Access Commands
cvpn_ver
Description Shows the version of the Mobile Access Software Blade. Use with fw ver -k to get all version details.
Usage cvpn_ver
listusers
Description Shows a list of end-users connected to the gateway, along with their source IP addresses.
Usage listusers
cvpnstop
Description Stops all Mobile Access blade services.
Usage cvpnstop
Notes: While this command does not terminate sessions, it closes all TCP connections. End-users might lose their work.
cvpnstart
Description Starts all Mobile Access blade services.
Usage cvpnstart
cvpnrestart
Description Restarts all Mobile Access blade services.
Usage cvpnrestart [--with-pinger]
Parameters
--with-pinger
  Restarts the ‘pinger’ service, responsible for ActiveSync and Outlook Web Access push mail notifications.
Notes: While this command does not terminate sessions, it closes all TCP connections. End-users might lose their work.
cvpnd_admin
Description A utility to change the behavior of the Mobile Access cvpnd process.
Usage cvpnd_admin [policy [hard] | [debug [off | set… | trace]]
Parameters
policy
  Updates the Mobile Access services according to the current policy. For Apache services, each httpd process waits until its current request is finished, then exits.
policy hard
  Updates the Mobile Access services according to the current policy. For Apache services, all httpd processes exit immediately, terminating current HTTP requests.
debug set TDERROR_ALL_ALL=5
  Enables all cvpnd debug output for the running cvpnd process. The output is in $CVPNDIR/log/cvpnd.elg.
  Note: Enabling all debug topics might have a small effect on performance.
debug off
  Disables all cvpnd debug output.
debug trace on
debug trace users=username
  The TraceLogger feature generates full captures of incoming and outgoing authenticated Mobile Access traffic. The output is in $CVPNDIR/log/trace_log/.
  debug trace on - Enables the TraceLogger feature for all users.
  debug trace users=<username> - Enables the TraceLogger feature for a specified username.
  Important Notes:
  1. The TraceLogger feature has a major effect on performance, because all traffic is saved as files.
  2. The feature uses a lot of disk space. After a maximum number of files is output, the oldest files are removed from the disk, which also has a performance cost.
  3. TraceLogger creates a security concern: end-user passwords sent to internal resources might appear in the capture files.
appMonitor status
  Shows the status of the Application Monitor feature. The application monitor is a software component that monitors internal servers to track their up time.
  If problems are found, a system alert log is created.
  This command lists the applications monitored by the Application Monitor and their status.
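An added example, not part of the Check Point documentation: a shell function that audits a TraceLogger output directory for leftover capture files, since the notes above say those captures can contain end-user passwords. The function name, return codes and demo file name are this example's own assumptions; only the $CVPNDIR/log/trace_log/ path comes from the page.

```shell
#!/bin/bash
# Added example (not Check Point code): audit a TraceLogger output directory.
# Capture files may hold end-user passwords, so leftover files are a finding.

# audit_trace_log DIR
# Return codes are this example's own convention:
#   0 = no capture files
#   1 = capture files present, none readable by group or other
#   2 = capture files readable by group or other
audit_trace_log() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "OK: $dir does not exist"
        return 0
    fi
    total=$(find "$dir" -type f | wc -l | tr -d ' ')
    if [ "$total" -eq 0 ]; then
        echo "OK: no capture files in $dir"
        return 0
    fi
    kb=$(du -sk "$dir" | cut -f1)
    echo "FINDING: $total capture file(s), ${kb} KB in $dir"
    # POSIX "-perm -MODE" matches when every listed bit is set.
    exposed=$(find "$dir" -type f \( -perm -040 -o -perm -004 \) | wc -l | tr -d ' ')
    if [ "$exposed" -gt 0 ]; then
        echo "FINDING: $exposed file(s) readable by group or other"
        return 2
    fi
    return 1
}

# Constructed demo: a throwaway directory stands in for $CVPNDIR/log/trace_log/.
# The file name and its content are made up; real capture names are not assumed.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/trace_log"
    printf 'POST /login HTTP/1.1\r\n\r\nuser=alice&password=EXAMPLE\n' \
        > "$tmp/trace_log/constructed_capture_1"
    chmod 644 "$tmp/trace_log/constructed_capture_1"
    rc=0
    audit_trace_log "$tmp/trace_log" || rc=$?
    rm -rf "$tmp"
    echo "audit exit code: $rc"
}

demo_audit
# On a gateway: audit_trace_log "$CVPNDIR/log/trace_log"
```

The admin_wizard -v option writes its verbose result files to the same directory, so the audit applies after either kind of troubleshooting session.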
cvpnd_settings
Description Changes a Mobile Access gateway's local configuration file, cvpnd.C.
Usage cvpnd_settings <get|set|add|listAdd|listRemove> <Attribute-Name> [Attribute-Value]
Parameters Run: cvpnd_settings -h for a full explanation of the parameters.
Important - Changes made by the cvpnd_settings command are not saved in gateway upgrades. Keep a backup of your cvpnd.C file after you make manual changes.
deleteUserSettings
Description Deletes all persistent settings (favorites, cookies, credentials) of one or more end-users.
Usage deleteUserSettings [-s] <username1> [<username2> ...]
Parameters
-s
  Runs in silent mode with no output to the end-user's screen.
ics_updates_script
Description Manually starts an Endpoint Security on Demand (ESOD) update on the gateway. Use this script to troubleshoot ESOD updates.
Usage $CVPNDIR/bin/ics_updates_script <ICS_updates_file_path>
Notes:
- The script requires an ESOD update package on the gateway.
- Usually this script is not necessary and you start updates from SmartDashboard. Go to tab > > > .
- Be careful not to run other scripts with the name ics_updates_script, for example, the one in $FWDIR/bin/.
rehash_ca_bundle
Description Imports all of the Certificate Authority (CA) files from the $CVPNDIR/var/ssl/ca-bundle/ directory into the Mobile Access trusted CA bundle.
The trusted CA bundle is used when the Mobile Access gateway accesses an internal server (such as OWA) through HTTPS. If the SSL server certificate of the internal server is not trusted by the gateway, the gateway responds based on the settings for the Internal Web Server Verification feature. The default setting is .
To accept certificates from a specified server, add its server certificate CA to the CA bundle.
Usage rehash_ca_bundle
admin_wizard
Description Tests connectivity to websites and Exchange server services.
- For websites: It tests connectivity to the website.
- For Exchange servers: It tests the response from an Exchange server. It also finds the address protocol (HTTP or HTTPS) and authentication method (Basic or NTLM) of the Exchange server services.
Usage
- For websites:
  admin_wizard wizard <website address>
- For Exchange servers:
  admin_wizard exchange_wizard <Exchange server address> <user name> <password> [<parameters>]
Parameters
To enter more than one item within a parameter, separate items with a comma. For example: as,owa
[-t <as|ews|owa|all>]
  Select the services to test on the Exchange server:
  - as - Test ActiveSync
  - ews - Test Exchange Web Services
  - owa - Search for the Outlook Web Application address of the Exchange server
  - all - Test all of the above services (default)
[-d <dns servers>]
  Enter DNS servers
[-x <proxy servers>]
  Enter proxy servers
[-c <username:password>]
  Enter a user name and password for proxy authentication
[-n]
  Allow only NTLM authentication instead of Basic and NTLM
[-m <domain name>]
  Enter a user domain name
[-s <ActiveSync path>]
  Test a specified ActiveSync service path (default: /Microsoft-Server-ActiveSync)
[-e <EWS path>]
  Test a specified Exchange Web Services service path (default: /EWS/Exchange.asmx)
[-f <file name>]
  Write the results to a file
[-r]
  Send a request with the configured: proxy, DNS, HTTP protocol, and authentication method.
  If [-n] is included, then NTLM authentication method is used. If not, only Basic is used.
[-v]
  Make the HTTP requests verbose. The verbose result files go to $CVPNDIR/log/trace_log/.
[-p]
  Validate the SSL certificate of the web server