In This Section: |
Description Shows the version of the Mobile Access Software Blade. Use with fw ver -k
to get all version details.
Usage cvpn_ver
Description Shows a list of end-users connected to the gateway, along with their source IP addresses.
Usage listusers
Description Stops all Mobile Access blade services.
Usage cvpnstop
Notes: While this command does not terminate sessions, it closes all TCP connections. End-users might lose their work
Description Starts all Mobile Access blade services.
Usage cvpnstart
Description Restarts all Mobile Access blade services.
Usage cvpnrestart [--with-pinger]
Parameters
Parameter |
Description |
---|---|
|
Restarts the ‘pinger’ service, responsible for ActiveSync and Outlook Web Access push mail notifications. |
Notes: While this command does not terminate sessions, it closes all TCP connections. End-users might lose their work
Description A utility to change the behavior of the Mobile Access cvpnd process.
Usage cvpnd_admin [policy [hard] | [debug [off | set… | trace]]
Parameters
Parameter |
Description |
---|---|
|
Updates the Mobile Access services according to the current policy. For Apache services, each |
|
Updates the Mobile Access services according to the current policy. For Apache services, all |
|
Enables all Note: Enabling all debug topics might have a small effect on performance. |
|
Disables all |
|
The TraceLogger feature generates full captures of incoming and outgoing authenticated Mobile Access traffic. The output is in:
Important Notes: 1. The TraceLogger feature has a major effect on performance, because all traffic is saved as files. 2. The feature uses a lot of disk space. After a maximum number of files is output, the oldest files are removed from the disk, which also has a performance cost. 3. TraceLogger creates a security concern: end-user passwords sent to internal resources might appear in the capture files. |
|
Shows the status of the Application Monitor feature. The application monitor is a software component that monitors internal servers to track their up time. If problems are found, a system alert log is created. This command lists the applications monitored by the Application Monitor and their status. |
Description Changes a Mobile Access gateway's local configuration file, cvpnd.C.
Usage cvpnd_settings <conf_file_path> <get|set|add|listAdd|listRemove> <Attribute-Name> [Attribute-Value]
Parameters Run: cvpnd_settings –h
for a full explanation of the parameters.
Important - Changes made by the |
Description Deletes all persistent settings (favorites, cookies, credentials) of one or more end-users.
Usage deleteUserSettings [-s] <username1> [<username2> ...]
Parameters
Parameter |
Description |
---|---|
|
Runs in silent mode with no output to the end-user's screen. |
Description Manually starts an Endpoint Security on Demand (ESOD) update on the gateway. Use this script to troubleshoot ESOD updates.
Usage $CVPNDIR/bin/ics_updates_script <ICS_updates_file_path>
Notes:
ics_updates_script
, for example, the one in $FWDIR/bin/
.Description Imports all of the Certificate Authority (CA) files from the $CVPNDIR/var/ssl/ca-bundle/
directory into the Mobile Access trusted CA bundle.
The trusted CA bundle is used when the Mobile Access gateway accesses an internal server (such as OWA) through HTTPS. If the SSL server certificate of the internal server is not trusted by the gateway, the gateway responds based on the settings for the Internal Web Server Verification feature. The default setting is Monitor.
To accept certificates from a specified server, add its server certificate CA to the CA bundle.
Usage rehash_ca_bundle
Description Tests connectivity to websites and Exchange server services.
Usage
admin_wizard wizard <website address>
admin_wizard exchange_wizard <Exchange server address> <user name> <password> [<parameters>]
Parameters
To enter more than one item within a parameter, separate items with a comma. For example: as,owa
Parameter |
Description |
---|---|
|
Select the services to test on the Exchange server:
|
|
Enter DNS servers |
|
Enter proxy servers |
|
Enter a user name and password for proxy authentication |
|
Allow only NTLM authentication instead of Basic and NTLM |
|
Enter a user domain name |
|
Test a specified ActiveSync service path (default: /Microsoft-Server-ActiveSync) |
|
Test a specified Exchange Web Services service path, (default: /EWS/Exchange.asmx) |
|
Write the results to a file |
|
Send a request with the configured: proxy, DNS, HTTP protocol, and authentication method. If [-n] is included, then NTLM authentication method is used. If not, only Basic is used. |
|
Make the HTTP requests verbose. The verbose result files go to |
|
Validate the SSL certificate of the web server |
This feature is supported in R77.10 and higher.
Description: Sends command interrupts to fwpushd
process.
Usage: fwpush info|send|print|unsub
Switch |
Description |
||
---|---|---|---|
|
Get data on notifications in the push queue:
|
||
|
Send an on-demand push notification from a command line, using a username or a token. |
||
|
Show the push notifications queue and the pending batches. |
||
|
Unsubscribe a user:
|
||
Important - Before you use the |
To see user connection status:
Run: [expert@hostname:0]# UserSettingsUtil show_exchange_registered_users
Example output:
|
Use the value of the CN variable (JohnD
in this example) for the username in the fwpush send
command:[expert@hostname:0]# fwpush send -uid JohnD -msg "hello push"
If you use a token, it must be taken from the output of the command:UserSettingsUtil show_exchange_registered_users
For example:[Expert@secure-GW]# UserSettingsUtil show_exchange_registered_users
If you use a different token, push notifications cannot work with the gateway.
Note - Users only get push notifications while logged in. |