| Command | Description |
|---|---|
| VPN | This command and its subcommands are used for working with various aspects of VPN. VPN commands executed on the command line generate status information regarding VPN processes, or are used to stop and start specific VPN services. |
| `vpn compreset` | This command resets the compression/decompression statistics to zero. |
| `vpn compstat` | This command displays compression/decompression statistics. |
| `vpn crl_zap` | This command is used to erase all Certificate Revocation Lists (CRLs) from the cache. |
| `vpn crlview` | This command retrieves the Certificate Revocation List (CRL) from various distribution points and displays it for the user. |
| `vpn debug` | This command instructs the VPN daemon to write debug messages to the log file: `$FWDIR/log/vpnd.elg`. |
| `vpn drv` | This command installs the VPN kernel (vpnk) and connects it to the FireWall kernel (fwk), attaching the VPN driver to the FireWall driver. |
| `vpn export_p12` | This command exports information contained in the network objects database and writes it in the PKCS#12 format to a file with the p12 extension. |
| `vpn macutil` | This command is related to Remote Access VPN, specifically Office mode, generating a MAC address per remote user. This command is relevant only when allocating IP addresses via DHCP. |
| `vpn mep_refresh` | This command causes all MEP tunnels to fail back to the best available gateway, provided that backup stickiness has been configured. |
| `vpn nssm_topology` | This command generates and uploads a topology (in NSSM format) to an IPSO NSSM server for use by IPSO clients. |
| `vpn overlap_encdom` | This command displays all overlapping VPN domains. Some IP addresses might belong to two or more VPN domains. The command alerts for overlapping encryption domains if one or both of the following conditions exist: the same VPN domain is defined for both Security Gateways; the gateway has multiple interfaces, and one or more of the interfaces has the same IP address and netmask. |
| `vpn sw_topology` | This command downloads the topology for a SofaWare Security Gateway. |
| `vpn ver` | This command displays the VPN major version number and build number. |
| `vpn tu` | This command launches the TunnelUtil tool, which is used to control VPN tunnels. |

The following commands relate to SecureClient.

| Command | Explanation |
|---|---|
| SCC | VPN commands executed on SecureClient are used to generate status information, stop and start services, or connect to defined sites using specific user profiles. |
| `scc connect` | This command connects to the site using the specified profile, and waits for the connection to be established. In other words, the OS does not put this command into the background and move on to the next command in the queue. |
| `scc connectnowait` | This command connects asynchronously to the site using the specified profile. This means the OS moves on to the next command in the queue while this command runs in the background. |
| `scc disconnect` | This command disconnects from the site using a specific profile. |
| `scc erasecreds` | This command unsets authorization credentials. |
| `scc listprofiles` | This command lists all profiles. |
| `scc numprofiles` | This command displays the number of profiles. |
| `scc restartsc` | This command restarts SecureClient services. |
| `scc passcert` | This command sets the user's authentication credentials when authentication is performed using certificates. |
| `scc setmode <mode>` | This command switches the SecuRemote/SecureClient mode. |
| `scc setpolicy` | This command enables or disables the current default security policy. |
| `scc sp` | This command displays the current default security policy. |
| `scc startsc` | This command starts SecureClient services. |
| `scc status` | This command displays the connection status. |
| `scc stopsc` | This command stops SecureClient services. |
| `scc suppressdialogs` | This command enables or suppresses dialog popups. By default, suppressdialogs is off. |
| `scc userpass` | This command sets the user's authentication credentials: username and password. |
| `scc ver` | This command displays the current SecureClient version. |
| `scc icacertenroll` | This command enrolls a certificate with the internal CA, and currently receives 4 parameters: site, registration key, filename and password. Currently the command only supports the creation of p12 files. |
| `scc sethotspotreg` | This command line interface now includes HotSpot/Hotel registration support. |

The following command lines relate to the Desktop Policy.

| Command | Description |
|---|---|
| `dtps ver` | This command displays the policy server version. |
| `dtps debug [on\|off]` | This command starts or stops the debug printouts to `$FWDIR/log/dtps.elg`. |
| `fwm psload <path to desktop policy file> <target>` | This command loads the desktop policy onto the module. The target is the name of the module where the desktop policy is being loaded and should be entered as it appears in SmartDashboard. This command should be run from the management. For example: `fwm psload $FWDIR/conf/Standard.S Server_1` |
| `fwm sdsload <path to SDS objects file> <target>` | This command loads the SDS database onto the module. The target is the name of the module where the SDS objects file is being loaded and should be entered as it appears in SmartDashboard. This command should be run from the management. For example: `fwm sdsload $FWDIR/conf/SDS_objects.C Server_1` |