sonicwall cli guide

COMPREHENSIVE INTERNET SECURITY

SonicWALL Internet Security Appliances

SonicOS Standard/Enhanced Command Line Interface (CLI) Guide

Upload: devendra-barhate

Post on 04-Apr-2015





This document contains a categorized, complete listing of Command Line Interface (CLI) commands for SonicOS Standard and Enhanced firmware for the Pro 4060, Pro 2040 and TZ 170 devices. Each command is described and, where appropriate, an example of usage is included.

Note: Commands using port spec x0, x1, etc. only take IDs for existing ports on the device. For example, the TZ170 uses x0-x2, the Pro 2040 x0-x3, and the Pro 4060 x0-x5.

This User’s Guide contains the following sections:

• Input Data Format Specification
• Text Conventions
• Editing and Completion Features
• Command Hierarchy
• Configuration Security
• Management Methods for Each Appliance
• Initiating a Management Session
• Command Set Status

Input Data Format Specification

The table below describes the data formats acceptable for most commands. H represents one or more hexadecimal digits (0-9 and A-F). D represents one or more decimal digits.

Data              Data Format
IP Address        D.D.D.D
Integer Values    D
Integer Values    0xH
Integer Range     D-D

Text Conventions

Bold text indicates a command executed by interacting with the user interface.

Courier bold text indicates commands and text entered using the CLI.

Italic text indicates the first occurrence of a new term, as well as a book title, and also emphasized text. In this command summary, items presented in italics represent user-specified information.

Items within angle brackets (“< >”) are required information.

Items within square brackets (“[ ]”) are optional information.

Items separated by a “pipe” (“|”) are options. You can select any of them.

Note: Though a command string may be displayed on multiple lines in this guide, it must be entered on a single line with no carriage returns except at the end of the complete command.

Editing and Completion Features

You can use individual keys and control-key combinations to assist you with the CLI. The table below describes the key and control-key combination functions.

Key(s)          Function
Tab             Completes the current word
?               Displays possible command completions
CTRL+A          Moves cursor to the beginning of the command line
CTRL+B          Moves cursor to the previous character
CTRL+C          Exits the Quick Start Wizard at any time
CTRL+E          Moves cursor to the end of the command line
CTRL+F          Moves cursor to the next character
CTRL+K          Erases characters from the cursor to the end of the line
CTRL+N          Displays the next command in the command history
CTRL+P          Displays the previous command in the command history
CTRL+W          Erases the previous word
Left Arrow      Moves cursor to the previous character
Right Arrow     Moves the cursor to the next character
Up Arrow        Displays the previous command in the command history
Down Arrow      Displays the next command in the command history

Most configuration commands require completing all fields in the command. For commands with several possible completers, the Tab or ? key displays all options.

myDevice> show [TAB]

alerts          interface   network            tech-support
arp             log         processes          tsr
content-filter  memory      route              web-management
cpu             messages    security-services
device          nat         status             zones
gms             netstat     system

The Tab key can also be used to finish a command if the command is uniquely identified by user input.

myDevice> show al [TAB]

myDevice> show alerts

Additionally, commands can be abbreviated as long as the partial commands are unique. The following text:

myDevice> sho int inf

is an acceptable abbreviation for

myDevice> show interface info
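The abbreviation rule described above, as an added example (not SonicWALL code): each typed word is expanded to the one command word it uniquely prefixes, using word lists copied from this guide. The exact-word-wins and case-insensitive rules, the partial command tree and the WATCHED list are assumptions; the point is that a review of captured console sessions should expand abbreviations before matching commands such as clear log or restore.

```python
"""Unique-prefix expansion of abbreviated CLI commands (added example)."""

# Word lists copied from this guide. Only part of the hierarchy is modelled;
# the matching rules (case-insensitive, exact word wins) are assumptions.
SHOW_WORDS = [
    "alerts", "arp", "content-filter", "cpu", "device", "gms", "interface",
    "log", "memory", "messages", "nat", "netstat", "network", "processes",
    "route", "security-services", "status", "system", "tech-support", "tsr",
    "web-management", "zones",
]
TOP_WORDS = [
    "clear", "cls", "configure", "exit", "export", "help", "import", "logout",
    "nslookup", "ping", "restart", "restore", "show", "synchronize-licenses",
    "traceroute",
]
TREE = {word: {} for word in TOP_WORDS}
TREE["show"] = {word: {} for word in SHOW_WORDS}
TREE["show"]["interface"] = {"details": {}, "info": {}, "status": {}}
TREE["clear"] = {"screen": {}, "log": {}}

# Hypothetical watch list for reviewing captured console sessions.
WATCHED = ("clear log", "restore", "restart")


def complete(prefix, candidates):
    """List the words a partial word could stand for, as Tab or ? would."""
    if prefix in candidates:
        return [prefix]
    return sorted(word for word in candidates if word.startswith(prefix))


def expand(line, tree=TREE):
    """Return the full command for an abbreviated line, or raise ValueError."""
    node, words = tree, []
    for token in line.split():
        if not node:
            # Past the modelled keywords: keep arguments exactly as typed.
            words.append(token)
            continue
        matches = complete(token.lower(), node)
        if len(matches) != 1:
            reason = "ambiguous" if matches else "unknown"
            raise ValueError(f"{reason} word {token!r}: {matches}")
        words.append(matches[0])
        node = node[matches[0]]
    return " ".join(words)


def is_watched(line):
    """True if the line, once expanded, is one of the WATCHED commands."""
    try:
        full = expand(line)
    except ValueError:
        return False
    return any(full == cmd or full.startswith(cmd + " ") for cmd in WATCHED)


if __name__ == "__main__":
    # Constructed sample of typed lines, not captured from a device.
    for typed in ["sho int inf", "show al", "clea lo", "resto", "show ne"]:
        try:
            print(f"{typed!r:16} -> {expand(typed)!r} watched={is_watched(typed)}")
        except ValueError as err:
            print(f"{typed!r:16} -> rejected ({err})")
```

A literal string match for "clear log" would miss the typed line "clea lo"; matching on the expanded form does not.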

Command Hierarchy

The CLI configuration manager allows you to control hardware and firmware of the appliance through a discrete mode and submode system. The commands for the appliance fit into the logical hierarchy shown below.

To configure items in a submode, activate the submode by entering a command in the mode above it.

For example, to set the default LAN interface speed or duplex, you must first enter configure, then interface x0 lan. To return to the higher Configuration mode, simply enter end or finished.

Configuration Security

SonicWALL Internet Security appliances allow easy, flexible configuration without compromising the security of their configuration or your network.

Passwords

The SonicWALL CLI currently uses the administrator’s password to obtain access. SonicWALL devices are shipped with a default password of password. Setting passwords is important in order to access the SonicWALL and configure it over a network.

If you are unable to connect to your device over the network, you can use the command restore to reset the device to factory defaults during a serial configuration session.

Management Methods for Each Appliance

You can configure the SonicWALL appliance using one of two methods:

• Using a serial connection and the configuration manager
  - An IP address assignment is not necessary for appliance management.
  - A device must be managed while physically connected via a serial cable.

• Web browser-based User Interface
  - An IP address must have been assigned to the appliance for management or use the default of

Initiating a Management Session

Serial Management and IP Address Assignment

Follow the steps below to initiate a management session via a serial connection and set an IP address for the device.

Note: The default terminal settings on the SonicWALL and modules are 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.

1. Attach the included null modem cable to the appliance port marked CONSOLE. Attach the other end of the null modem cable to a serial port on the configuring computer.

2. Launch any terminal emulation application that communicates with the serial port connected to the appliance. Use these settings:

• 115,200 baud (9600 for TZ170)
• 8 data bits
• no parity
• 1 stop bit
• no flow control

3. Press Return. Initial information is displayed followed by a DEVICE NAME> prompt.

The following table displays all commands available for the SonicWALL.

• Top Level Command Description
• Configuration Command Description
• Interface Configuration Command Description
• Log Category Command Description
• Zone Command Description

Show Commands

Command                                 Description
show alerts                             Show alerts
show arp                                Displays currently known arp entries
show content filter                     Show content filter list status
show cpu                                Show cpu and memory information
show device                             Displays on the console the contents of the status section of the Tech Support Report (TSR)
show gms                                Displays GMS configuration
show interface details <x1|x2|x3|x4|x5>
                                        Displays on the console the contents of the network section of the TSR
show interface status <x1|x2|x3|x4|x5>  Displays on the console basic interface status for the SonicWALL, such as active/inactive/disabled, speed setting, duplex setting, IP addressing information
show log content                        Display the SonicWALL log contents
show log settings                       Display the configuration data
show memory                             Display the system memory on the appliance
show messages                           Show system messages
show nat policies                       Display on the console the NAT policy section of the TSR
show netstat                            Displays the contents of the netstat table.
show network                            Shows the network summary.
show processes                          Display procedure information.
show route                              Displays the complete routing table.
show security-services                  Displays the complete status of all security services on the SonicWALL, including license status, licenses available, licenses in use, and license expiration dates.
show status                             Shows the current status of the appliance.
show tech-support                       Displays the contents of the TSR.
show tsr <all | av | cfl | dhcpc | dhcprelay | dhcps | dhcpsstat | ethernet | ha | ip-helper | ipsec | l2tpclient | license | log | management | network | objects | policies | pppoe | pptpclient | radius | snmp | status | time | update | users | wlb>
                                        Displays on the console the named TSR sections or all of the TSR.
show web-management                     Display the Web-management status and configuration.
show zone <name>                        Displays on the console all rules for the specified zone. For example, show zone <lan rules> displays all of the rules to and from the LAN zone.
show zones                              Displays configured zones on the appliance and interfaces associated with each zone.

Top Level Commands

Command                                 Description
clear screen                            Clears the console screen, leaving a single prompt line.
clear log                               Clear log.
cls                                     Clears the console screen, leaving a single prompt line.
configure                               Enters the configuration level
exit                                    Causes you to exit the submenu, or if issued at the global level, returns to the login prompt.
export preferences                      Export a preferences file using Z-modem.
export tsr                              Export TSR using Z-modem.
help <command>                          Displays the command and description.
import                                  Import preferences from the SonicWALL using Z-modem.
logout                                  Log out from the console.
nslookup <Domain Name>                  Look up the IP address of the given domain name from the configured domain name servers.
ping <IP address|Domain Name>           Sends ICMP packets to the destination IP address.
restart                                 Restart the SonicWALL.
restore                                 Restore the factory default settings on the SonicWALL
synchronize-licenses                    Synchronizes the SonicWALL licensing information with the backend.
traceroute <IP address|Domain Name>     Displays router hops to destination.

Configuration Commands

Command                                 Description
[no] arpt <IP address><MAC address> interface <lan|wan|dmz> [perm] [pub]
                                        Add and remove arp entries for specified interface.
end                                     Exit configuration menu.
help <command>                          Displays command and description.
interface <x1|x2|x3|x4|x5> [<lan|wan|dmz>]
                                        Assigns a zone to an interface and then enters the configuration of the interface.
gms                                     Enter GMS configuration menu.

GMS Configuration
  algorithm <des-md5|frd3-sha>          Sets GMS encryption and authentication algorithm.
  [no] authentication-key <hex key>     Sets the 32-hex or 40-hex authentication key to communicate with the GMS server.
  [no] behind-nat                       Enables GMS behind a NAT device.
  bound-interface <x1|x2|x3|x4|x5>      Bind a VPN policy to an interface.
  [no] enable                           Enables GMS management on a SonicWALL.
  encryption-key <hex key>              Sets the 16-hex/48-hex encryption key to communicate with the GMS server.
  end                                   Exit configuration menu.
  finished                              Exit configuration mode to top menu.
  help <command>                        Displays command and description.
  info                                  Displays current GMS configuration state.
  [no] nat-address <IP Address>         Sets the public NAT IP address that the GMS server resides behind.
  [no] over-vpn                         Enable GMS server locally or over VPN.
  [no] send-heartbeat                   Send heart beat status messages only.
  [no] server <IP Address>              Sets the real IP address of the GMS server.
  [no] standby-management-sa            Enable the backup SA for GMS management.
  syslog-port <uvalue|(default)>        Sets the syslog server port of the GMS server.

help <command>                          Displays the command and description

LAN Interface Configuration

Command                                 Description
interface <x0|x1|x2|x3|x4|x5> [<lan|wan|dmz>]
                                        Assigns zone and enters the configuration mode for the interface.
auto                                    Sets the interface to auto negotiate.
comment <string>                        Adds comment as part of the port configuration
duplex <full|half>                      Sets the interface duplex speed.
end                                     Exit the configuration mode.
finished                                Exit configuration mode to the top menu.
help <command>                          Displays the command and description.
info                                    Displays information about the interface.
mode lan                                Enter the LAN configuration mode.
end                                     Exit configuration mode.
finished                                Exit configuration mode to top menu level.
help <command>                          Displays the command and description.
info                                    Displays information about the interface.
ip <IP Address> netmask <mask>          Sets the IP address for the interface.
name <interface name>                   Sets the name for the interface.
speed <10|100>                          Sets the interface speed.

WAN Interface Configuration

Command                                 Description
auto                                    Sets the interface to autonegotiate.
bandwidth-management enable             Enables bandwidth management.
bandwidth-management size <uvalue>      Sets the bandwidth management size.
comment <string>                        Adds comment as part of the port configuration.
duplex <full|half>                      Sets the interface duplex speed.
end                                     Exit the configuration mode.
finished                                Exit configuration mode to the top menu.
fragment-packets                        Enable/disable fragmentation of packets larger than the interface MTU.
ignore-df-bit                           Enable/disable ignoring the don’t fragment bit.
help <command>                          Displays the command and description.
info                                    Displays information about the interface.
mode <static|dhcp|pptp|l2tp|pppoe>      Sets the mode for the WAN interface and enters the given mode configuration.

Mode Static WAN Interface Configuration
  [no] dns <IP Address>                 Enters or removes IP address of DNS servers.
  end                                   Exits configuration mode.
  finished                              Exits configuration mode to top menu.
  gateway <IP Address>                  Sets or removes default gateway for the interface.
  help <command>                        Displays help for given command.
  info                                  Displays IP information about the interface.
  [no] ip <IP Address>                  Sets the IP address for the interface.

Mode DHCP WAN Interface Configuration
  end                                   Exits configuration mode.
  finished                              Exits configuration mode to top menu.
  help <command>                        Displays help for given command.
  info                                  Displays IP information about the interface.
  [no] hostname <string>                Sets the hostname for the interface.
  release                               Releases IP address information.
  renew                                 Renews IP address information.

Mode PPTP WAN Interface Configuration
  [no] dynamic                          Sets the SonicWALL to obtain the IP address dynamically.
  end                                   Exits configuration mode.
  finished                              Exits configuration mode to top menu.
  help <command>                        Displays help for given command.
  [no] hostname <string>                Clears/Sets PPTP hostname.
  [no] inactivity                       Enables/disables the PPTP inactivity timer.
  timeout <uvalue>                      Sets/Clears the PPTP inactivity timeout.
  info                                  Displays IP information about the interface.
  [no] ip <IP Address>                  Sets/Clears the IP address for the interface.
  [no] password <quoted string>         Sets/Clears the PPTP password.
  [no] server ip <IP Address>           Sets/Clears the PPTP server IP address.
  [no] username <string>                Sets/Clears the PPTP username

Mode L2TP WAN Interface Configuration
  [no] dynamic                          Sets the SonicWALL to obtain the IP address dynamically.
  end                                   Exits configuration mode.
  finished                              Exits configuration mode to top menu.
  help <command>                        Displays help for given command.
  [no] hostname <string>                Clears/Sets L2TP hostname.
  [no] inactivity                       Enables/disables the L2TP inactivity timer.
  timeout <uvalue>                      Sets/Clears the L2TP inactivity timeout.
  info                                  Displays IP information about the interface.
  [no] ip <IP Address>                  Sets/Clears the IP address for the interface.
  [no] password <quoted string>         Sets/Clears the L2TP password.
  [no] server ip <IP Address>           Sets/Clears the L2TP server IP address.
  [no] username <string>                Sets/Clears the L2TP username.

mtu <uvalue>                            Sets the MTU of the interface.
name <interface name>                   Sets the name for the interface.
speed <10|100>                          Sets the interface speed.

Other Interface Configuration
  auto                                  Sets the interface to autonegotiate.
  comment <string>                      Adds a comment as part of the port configuration.
  duplex <full|half>                    Sets the interface duplex speed.
  end                                   Exits configuration mode.
  finished                              Exits configuration mode to top menu.
  help <command>                        Displays help for given command.
  info                                  Displays IP information about the interface.
  name <interface name>                 Sets the name for the interface.
  speed <10|100>                        Sets the interface to autonegotiate.

[no] log categories [all]               Assigns/clears logging categories.

Log Category Information
  [no] all                              Assigns/clears all logging categories.
  [no] attack                           Assigns/clears attack logging category.
  [no] blocked-code                     Assigns/clears blocked code logging category.
  [no] blocked-sites                    Assigns/clears blocked sites logging category.
  [no] connection                       Assigns/clears connection logging category.
  [no] conn-traffic                     Assigns/clears conn traffic logging category.
  [no] debug                            Assigns/clears debug logging category.
  end                                   Exits configuration mode.
  finished                              Exits configuration mode to top menu.
  help <command>                        Displays help for given command.
  [no] icmp                             Assigns/clears ICMP logging category.
  info                                  Displays IP information about the interface.
  [no] lan-icmp                         Assigns/clears LAN-ICMP logging category.
  [no] lan-tcp                          Assigns/clears LAN-TCP logging category.
  [no] lan-udp                          Assigns/clears LAN-UDP logging category.
  [no] maintenance                      Assigns/clears maintenance logging category.
  [no] mgmt-80211b                      Assigns/clears 80211b management logging category.
  [no] modem-debug                      Assigns/clears modem debugging logging category.
  [no] sys-env                          Assigns/clears sys env logging category.
  [no] sys-err                          Assigns/clears sys error logging category.
  [no] tcp                              Assigns/clears TCP logging category.
  [no] udp                              Assigns/clears UDP logging category.
  [no] user-activity                    Assign/clear user-activity logging category.
  [no] vpn-stat                         Assigns/clears vpn-stat logging category.
  [no] vpn-tunnel-status                Assigns/clears vpn tunnel status logging category.

[no] log filter-time <uvalue>           Assigns/clears log filter time.
log ordering <choices> [invert]         Assign/clear ordering method when displaying log entries.
name <string>                           Sets/clears the firewall name.
[no] route default <IP address>         Assigns/clears default route.
[no] route <Destination> <Netmask> <Gateway> [metric <route metric>]
                                        Assigns/clears static routes.
[no] web-management http enable <x0 | x1 | x2 | x3 | x4 | x5>
                                        Enables/disables HTTP web management.
web-management http port <tcp port or ’default’>
                                        Assigns the HTTP web management port or reset to default.
[no] web-management https enable <x0 | x1 | x2 | x3 | x4 | x5>
                                        Enables/disables HTTPS web management.
web-management https port <tcp port or ’default’>
                                        Assigns the HTTPS web management port or resets to default.
web-management restore                  Restores default web-management port and interface assignments.

zone <wan|lan|dmz>                      Enters the zone configuration menu.
  end                                   Exits configuration mode.
  finished                              Exits configuration mode to top menu.
  [no] intrazone-communications         Enables/disables intra-zone communications.

Show and Diag Commands (available at all levels)

Command                                 Description
show memory                             Shows the system memory on the device.
show processes                          Shows procedure information.
show status                             Shows the current status of the device.
show tech-support                       Displays to the console the contents of the TSR.
show tsr <all | av | cfl | dhcpc | dhcprelay | dhcps | dhcpsstat | ethernet | ha | ip-helper | ipsec | l2tpclient | license | log | management | network | objects | policies | pppoe | pptpclient | radius | snmp | status | time | update | users | wlb>
                                        Displays to the console the contents of the TSR section named or all of the TSR.
show web-management                     Displays the web-management status and configuration.

Top Level Commands

Command                                 Description
cls                                     Clears window, leaving a single prompt line.
exit                                    This command causes you to exit sub-menu, or if issued at the global level, returns you to the login prompt.
export preferences                      Exports the preferences file using the Z-modem.
export tsr                              Exports the tsr using the Z-modem.
help <command>                          Displays command and description.
import                                  Import preferences file using Z-modem.
logout                                  Logout from the console.
ping <IP address | Domain Name>         Sends ICMP packets to destination IP address.
restart                                 Restarts the device.
restore                                 Restore the device to factory defaults.
[no] web-management http enable         Enables/disables HTTP web management.
web-management http port <tcp port or ’default’>
                                        Assigns the HTTP web management port or reset to default.
[no] web-management https enable        Enables/disables HTTPS web management.
web-management https port <tcp port or ’default’>
                                        Assigns the HTTPS web management port or resets to default.
web-management restore                  Restores default web-management port and interface assignments.

© 2002 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.

SonicWALL, Inc.
1143 Borregas Avenue
Sunnyvale, CA 94089-1306

T: 408.745.9600
F: 408.745.9300

www.sonicwall.com

P/N 232-000549-00 Rev A 04/04