Difference between revisions of "Basic commands"
Revision as of 16:17, 11 July 2016
Essential troubleshooting commands:
exec ping <destination>
exec ping-options source <origin>   (sets the source address used by subsequent pings)
exec ping6 <destination>
exec traceroute <destination>
exec telnet|ssh <destination>
List network interfaces - Equivalent to cisco ‘show ip interfaces brief’
diag ip address list
List the routing table - Equivalent to cisco ‘show ip route’
get router info routing-table all
diag ip route list
Connect to a specific VDOM (change context)
config vdom
edit root   (or edit vdom1)
Sample network configuration with physical ports and VLANs (the two addresses below are as given in the original; on a real unit each interface needs its own non-overlapping subnet):
config system interface
    edit port2
        set ip 163.7.131.4 255.255.255.248
        set vdom root
    next
    edit vlan.15
        set vdom root
        set interface port5
        set vlanid 15
        set ip 163.7.131.4 255.255.255.248
    next
end
Setting static routes and default gateway
config router static
    edit 1
        set dst 0.0.0.0/0.0.0.0
        set gateway 192.168.0.254
        set device vlan.15
    next
end
Show ARP table
diag ip arp list
Show ARP table (in transparent mode)
diag netlink brctl list
diag netlink brctl domain <bridge_name>
diag netlink brctl name host <vdom_name>.b
Doing a packet capture (sniffer)
diag sniffer packet any '!port 22' 4 10 <tsformat>
interfaces=[any]   (an interface name can be specified instead of any)
filters=[!port 22]   (none can be used as well)
level=4   (print interface name and header)
count=10   (packets to dump)
tsformat=l   (if none is specified, relative time; l = local time)
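Verbosity level 4 prints one header line per packet, which makes the capture easy to post-process off-box. The following added example (not part of the original page) summarises such a capture per conversation and lists TCP connection attempts that never got a SYN/ACK back within the capture. The sample lines are constructed, and their layout (timestamp, interface, in/out, src.port -> dst.port: flags) is an assumption modelled on FortiOS 5.x level-4 output for TCP and UDP; ICMP lines carry no ports and are skipped.

```python
"""Summarise FortiGate 'diag sniffer packet <iface> '<filter>' 4 <count> <tsformat>' output.

Added example: the sample output is constructed and the line layout is an
assumption modelled on FortiOS 5.x verbosity-4 output (TCP/UDP lines only).
"""
import re
from collections import Counter

# Constructed sample, as if captured with: diag sniffer packet any '!port 22' 4 10 l
SAMPLE_OUTPUT = """\
interfaces=[any]
filters=[!port 22]
2016-07-11 16:17:01.100123 port2 in 10.31.101.22.51234 -> 163.7.131.9.80: syn 3817642612
2016-07-11 16:17:01.100456 vlan.15 out 10.31.101.22.51234 -> 163.7.131.9.80: syn 3817642612
2016-07-11 16:17:01.104987 vlan.15 in 163.7.131.9.80 -> 10.31.101.22.51234: syn 2204319101 ack 3817642613
2016-07-11 16:17:01.105210 port2 out 163.7.131.9.80 -> 10.31.101.22.51234: syn 2204319101 ack 3817642613
2016-07-11 16:17:01.110000 port2 in 10.31.101.22.51234 -> 163.7.131.9.80: ack 2204319102
2016-07-11 16:17:01.110300 vlan.15 out 10.31.101.22.51234 -> 163.7.131.9.80: ack 2204319102
2016-07-11 16:17:02.300000 port2 in 10.31.101.22.40000 -> 8.8.8.8.53: udp 41
2016-07-11 16:17:02.300300 vlan.15 out 10.31.101.22.40000 -> 8.8.8.8.53: udp 41
2016-07-11 16:17:05.000000 port2 in 192.0.2.77.60000 -> 163.7.131.4.443: syn 1111111111
"""

# Timestamp is either relative ("2.345678") or local ("2016-07-11 16:17:01.100123").
LINE_RE = re.compile(
    r"^(?P<ts>\S+(?: \S+)?) "
    r"(?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<info>.*)$"
)


def parse_sniffer_line(line):
    """Parse one header line; returns None for the interfaces=/filters= preamble."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"] = int(pkt["sport"])
    pkt["dport"] = int(pkt["dport"])
    pkt["proto"] = "udp" if pkt["info"].startswith("udp") else "tcp"
    return pkt


def _packets(output):
    return [p for p in (parse_sniffer_line(l) for l in output.splitlines()) if p]


def summarize(output):
    """Packet count per (proto, src, dst, dport).

    A forwarded packet shows up twice (in on one interface, out on another),
    so only ingress lines are counted.
    """
    flows = Counter()
    for p in _packets(output):
        if p["dir"] == "in":
            flows[(p["proto"], p["src"], p["dst"], p["dport"])] += 1
    return flows


def unanswered_syns(output):
    """TCP initiators whose SYN got no SYN/ACK back in the capture (sorted 4-tuples)."""
    syns, synacks = set(), set()
    for p in _packets(output):
        if p["proto"] != "tcp" or p["dir"] != "in" or not p["info"].startswith("syn "):
            continue
        if " ack " in p["info"]:
            # SYN/ACK travels back: flip it so it matches the initiator's tuple.
            synacks.add((p["dst"], p["dport"], p["src"], p["sport"]))
        else:
            syns.add((p["src"], p["sport"], p["dst"], p["dport"]))
    return sorted(syns - synacks)


if __name__ == "__main__":
    for flow, count in summarize(SAMPLE_OUTPUT).most_common():
        print(f"{count:4d}  {flow[0]}  {flow[1]} -> {flow[2]}:{flow[3]}")
    print("unanswered SYNs:", unanswered_syns(SAMPLE_OUTPUT))
```

Run it with the device's real output piped into a file in place of SAMPLE_OUTPUT; a source that appears only in unanswered_syns is either being dropped by policy (confirm with the packet flow debug) or is not being answered by the server.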
Packet flow debug - Equivalent to FW Monitor in Check Point, to see whether a packet is accepted, forwarded or denied:
diag debug flow show function enable
diag debug flow show console enable
diag debug flow filter addr 10.31.101.22
diag debug flow filter port 80
diag debug enable
diag debug flow trace start 100
diag debug disable
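The trace prints several messages per packet, all sharing a trace_id, and the verdict (which policy allowed or denied it) is buried in one of them. The following added example (not from the original page) groups the output by trace_id and pulls out the 5-tuple, ingress interface and verdict. The sample lines are constructed, as if captured with the filter set above, and their format is an assumption modelled on FortiOS 5.x debug flow messages (id=... trace_id=... func=... msg="...").

```python
"""Group FortiGate 'diag debug flow' output by trace_id and extract the verdict.

Added example: the sample lines are constructed and their format is an
assumption modelled on FortiOS 5.x debug flow output.
"""
import re

# Constructed sample, as if captured with filter addr 10.31.101.22 / port 80.
SAMPLE_FLOW = """\
id=20085 trace_id=1 func=print_pkt_detail line=4471 msg="vd-root received a packet(proto=6, 10.31.101.22:51234->163.7.131.9:80) from port2. flag [S], seq 3817642612, ack 0, win 29200"
id=20085 trace_id=1 func=init_ip_session_common line=4624 msg="allocate a new session-000001a3"
id=20085 trace_id=1 func=vf_ip4_route_input line=1596 msg="find a route: flags=00000000 gw-163.7.131.1 via vlan.15"
id=20085 trace_id=1 func=fw_forward_handler line=670 msg="Allowed by Policy-6: SNAT"
id=20085 trace_id=2 func=print_pkt_detail line=4471 msg="vd-root received a packet(proto=6, 10.31.101.22:51300->198.51.100.9:80) from port2. flag [S], seq 1111111111, ack 0, win 29200"
id=20085 trace_id=2 func=init_ip_session_common line=4624 msg="allocate a new session-000001a4"
id=20085 trace_id=2 func=fw_forward_handler line=680 msg="Denied by forward policy check (policy 0)"
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value, value may be double-quoted
PKT_RE = re.compile(
    r"received a packet\(proto=(?P<proto>\d+), "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)\) from (?P<iface>\S+)\."
)
ALLOW_RE = re.compile(r"Allowed by Policy-(\d+)")
DENY_RE = re.compile(r"Denied by forward policy check \(policy (\d+)\)|check failed on policy (\d+), drop")
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_kv(line):
    """Turn one 'key=value key="quoted value"' line into a dict."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def parse_debug_flow(output):
    """Return {trace_id: {proto, src, sport, dst, dport, in_iface, verdict, policy, messages}}."""
    traces = {}
    for raw in output.splitlines():
        fields = parse_kv(raw)
        if "trace_id" not in fields:
            continue   # not a debug flow line (prompt echo, blank line, ...)
        trace = traces.setdefault(
            int(fields["trace_id"]), {"verdict": "unknown", "policy": None, "messages": []}
        )
        msg = fields.get("msg", "")
        trace["messages"].append(msg)

        m = PKT_RE.search(msg)
        if m:   # first message of a trace: the packet header as the unit received it
            trace.update(
                proto=PROTO.get(int(m["proto"]), m["proto"]),
                src=m["src"], sport=int(m["sport"]),
                dst=m["dst"], dport=int(m["dport"]),
                in_iface=m["iface"],
            )
            continue
        m = ALLOW_RE.search(msg)
        if m:
            trace["verdict"], trace["policy"] = "allowed", int(m.group(1))
            continue
        m = DENY_RE.search(msg)
        if m:   # policy 0 is the implicit deny
            trace["verdict"] = "denied"
            trace["policy"] = int(m.group(1) or m.group(2))
    return traces


def denied_flows(traces):
    """Sorted (src, dst, dport) of every trace that ended in a deny."""
    return sorted(
        (t["src"], t["dst"], t["dport"])
        for t in traces.values() if t["verdict"] == "denied" and "src" in t
    )


if __name__ == "__main__":
    for tid, t in sorted(parse_debug_flow(SAMPLE_FLOW).items()):
        print(f"trace {tid}: {t.get('proto')} {t.get('src')}:{t.get('sport')} -> "
              f"{t.get('dst')}:{t.get('dport')} via {t.get('in_iface')} "
              f"=> {t['verdict']} (policy {t['policy']})")
```

A trace that stays "unknown" usually means the verdict message was not captured (the trace count ran out, or the packet belonged to an existing session and skipped policy lookup), so re-run with a larger trace count or a narrower filter.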
VPN debug commands:
diag vpn ike log filter name <phase1-name>
diag vpn ike log filter src-addr4 <peer>
diag debug application ike -1   (or 255)
diag debug enable
diag vpn tunnel list
diag vpn tunnel flush <phase1-name>
diag vpn tunnel reset <phase1-name>
diag debug enable   (then disable it)
Listing a firewall rule
show firewall policy 6
Disable the ‘more’ prompt at page breaks
config sys console
    set output standard
end
IPS information and bypass mode
diag test application ipsmonitor <number>
1 - display engine information
2 - enable/disable IPS engine
5 - toggle bypass status
99 - restart IPS engines/monitor
Restart IPS engine
diag test application ipsengine 99
Restart WebFilter
diag test application urlfilter 99
Test authentication
diag test auth ldap <server> <username> <password>
diag test auth radius <server> <chap|pap|mschap|mschap2> <username> <password>
Display diagnostic information for the web cache database daemon (wacs)
diag wacs clear
diag wacs recents
diag wacs restart
diag wacs stats