Difference between revisions of "Basic commands"

From Tech-Wiki
Line 47: Line 47:
 
  diag netlink brctl domain <bridge_name>
 
  diag netlink brctl domain <bridge_name>
 
  diag netlink brctl name host <vdom.name>.b
 
  diag netlink brctl name host <vdom.name>.b
 +
 +
Listing a firewall rule
 +
show firewall policy 6
 +
 +
Disable the ‘more’ at page breaks
 +
config sys console
 +
  set output standard
  
 
Doing a packet capture (sniffer)
 
Doing a packet capture (sniffer)
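Review bot: the added "config sys console" / "set output standard" pair has no closing "end", so anyone pasting it stays inside the console config context and the setting is not saved until they type "end" themselves. Add "end" on the line after "set output standard". Separately, "show firewall policy 6" hard-codes one policy ID where the neighbouring entries use placeholders such as <bridge_name>; "show firewall policy <policy_id>" would match them.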
Line 55: Line 62:
 
  count=10 (packets to dump)
 
  count=10 (packets to dump)
 
  tsformat=l (none specified then relative time, l-localtime)
 
  tsformat=l (none specified then relative time, l-localtime)
 
Packet flow debug - Equivalent to FW Monitor in Check Point, to evaluate the packet being accepted, forwarded or denied:
 
diag debug flow show function enable
 
diag debug flow show console enable
 
diag debug flow filter addr 10.31.101.22
 
diag debug flow filter port 80
 
diag debug enable
 
diag debug flow trace start 100
 
diag debug disable
 
 
VPN debug commands:
 
diag vpn ike log filter name <phase1-name>
 
diag vpn ike log filter src-addr4 <peer>
 
diag debug application ike -1 (or 255)
 
diag debug enable
 
diag vpn tunnel list
 
diag vpn tunnel flush  <phase1-name>
 
diag vpn tunnel reset  <phase1-name>
 
diag debug enable (then disable it)
 
 
Listing a firewall rule
 
show firewall policy 6
 
 
Disable the ‘more’ at page breaks
 
config sys console
 
  set output standard
 
 
IPS information and bypass mode
 
  diag test application ipsmonitor <number>
 
  1-display engine information
 
  2-enable/disable IPS engine
 
  5-Toggle bypass status
 
  99-restart IPS engines/monitor
 
 
Restart IPS engine
 
diag test application ipsengine 99
 
 
Restart WebFilter
 
  diag test application urlfilter 99
 
 
Test authentication
 
diag test auth ldap <server> <username> <password>
 
diag test auth radius <server> <chap|pap|mschap|mschap2> <username> <password>
 
 
Display diagnostic information for the web cache database daemon (wacs).
 
diag wacs clear
 
diag wacs recents
 
diag wacs restart
 
diag wacs stats
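Review bot: in the packet flow debug block, the sequence ends at "diag debug disable" and never clears what "diag debug flow filter addr" and "diag debug flow filter port" set, so the next debug session on the same unit starts with stale filters. Add "diag debug flow filter clear" and "diag debug reset" after "diag debug disable". The same applies to the VPN block, where "diag debug enable (then disable it)" leaves the "diag debug application ike -1" level and the ike log filters in place.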
 

Revision as of 16:18, 11 July 2016


Essential troubleshooting commands:

exec ping <destination>
exec ping-options source <origin>
exec ping6
exec traceroute <destination>
exec telnet|ssh <destination>

List network interfaces - Equivalent to Cisco ‘show ip interface brief’

diag ip address list

List the routing table - Equivalent to Cisco ‘show ip route’

get router info routing-table all
diag ip route list

Connect to a specific VDOM (change context)

config vdom
 edit root  (or edit vdom1)

Sample network configuration with physical ports and VLANs:

config system interface
edit port2
  set ip 163.7.131.4 255.255.255.248
  set vdom root
next
edit vlan.15
  set interface port5
  set vlanid 15
  set ip 163.7.131.4 255.255.255.248
  set vdom root
next
end

Setting static routes and default gateway

config router static
 edit 1
  set dst 0.0.0.0/0.0.0.0
  set gateway 192.168.0.254
  set device vlan.15
 end

Show arp table

diag ip arp list

Show arp table (in transparent mode)

diag netlink brctl list
diag netlink brctl domain <bridge_name>
diag netlink brctl name host <vdom.name>.b

Listing a firewall rule

show firewall policy 6

Disable the ‘more’ at page breaks

config sys console
  set output standard
end

Doing a packet capture (sniffer)

diag sniffer packet any '!port 22' 4 10 <tsformat>
interface=any  (a specific interface name can be given instead)
filter='!port 22'  (none can be used as well)
level=4 (print interface name and header)
count=10 (packets to dump)
tsformat=l (l = local time; if not specified, relative time is used)