
SonicOS Command Line Interface Guide

PROTECTION AT THE SPEED OF BUSINESS

Introduction
This document contains a categorized complete listing of Command Line Interface (CLI) commands for SonicOS Standard and Enhanced firmware for the Pro 4060, Pro 2040 and TZ 170 devices. Each command is described and, where appropriate, an example of usage is included.

Note: Commands using port spec x0, x1, etc. only take IDs for existing ports on the device. For example, the TZ170 uses x0-x2, the Pro 2040 x0-x3, and the Pro 4060 x0-x5.

This User's Guide contains the following sections:
- Input Data Format Specification
- Text Conventions
- Editing and Completion Features
- Command Hierarchy
- Configuration Security
- Management Methods for Each Appliance
- Initiating a Management Session
- Command Set Status

Input Data Format Specification


The table below describes the data formats acceptable for most commands. H represents one or more hexadecimal digits (0-9 and A-F). D represents one or more decimal digits.

Input Data Formats

Data              Data Format
MAC Address       HH:HH:HH:HH:HH:HH
MAC Address       HHHH.HHHH.HHHH
IP Address        D.D.D.D
IP Address        0xHHHHHHHH
Integer Values    D
Integer Values    0xH
Integer Range     D-D
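The formats in the table can be checked before a generated command is sent to the appliance. The following is an added example, not part of the SonicWALL guide: the function names, the 0-255 octet check, the 32-bit limit on hex IP addresses and the low-to-high range rule are assumptions made for the example.

```python
import re

HEX = "[0-9A-Fa-f]"

def parse_mac(text):
    """HH:HH:HH:HH:HH:HH or HHHH.HHHH.HHHH -> 'aa:bb:cc:dd:ee:ff'."""
    if re.fullmatch(rf"{HEX}{{1,2}}(:{HEX}{{1,2}}){{5}}", text):
        octets = [int(part, 16) for part in text.split(":")]
    elif re.fullmatch(rf"{HEX}{{4}}(\.{HEX}{{4}}){{2}}", text):
        digits = text.replace(".", "")
        octets = [int(digits[i:i + 2], 16) for i in range(0, 12, 2)]
    else:
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(f"{octet:02x}" for octet in octets)

def parse_ip(text):
    """D.D.D.D or 0xHHHHHHHH -> dotted-decimal string."""
    if re.fullmatch(rf"0[xX]{HEX}{{1,8}}", text):
        value = int(text, 16)  # assumption: at most 32 bits
        octets = [(value >> shift) & 0xFF for shift in (24, 16, 8, 0)]
    elif re.fullmatch(r"[0-9]{1,3}(\.[0-9]{1,3}){3}", text):
        octets = [int(part) for part in text.split(".")]
        if any(octet > 255 for octet in octets):
            raise ValueError(f"octet out of range: {text!r}")
    else:
        raise ValueError(f"not an IP address: {text!r}")
    return ".".join(str(octet) for octet in octets)

def parse_int(text):
    """D or 0xH -> int."""
    if re.fullmatch(rf"0[xX]{HEX}+", text):
        return int(text, 16)
    if re.fullmatch(r"[0-9]+", text):
        return int(text)
    raise ValueError(f"not an integer: {text!r}")

def parse_range(text):
    """D-D -> (low, high); assumption: low must not exceed high."""
    match = re.fullmatch(r"([0-9]+)-([0-9]+)", text)
    if not match:
        raise ValueError(f"not an integer range: {text!r}")
    low, high = int(match[1]), int(match[2])
    if low > high:
        raise ValueError(f"range is reversed: {text!r}")
    return low, high

# The same token (0xC0A8A8A8) is a valid IP and a valid integer, so the
# caller states which kind of argument the command expects.
PARSERS = {"mac": parse_mac, "ip": parse_ip, "int": parse_int, "range": parse_range}

def is_valid(kind, text):
    """True if text is acceptable input for the given argument kind."""
    try:
        PARSERS[kind](text)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample values.
    for kind, text in [("mac", "0011.22AA.BBCC"), ("ip", "0xC0A8A8A8"),
                       ("int", "0x5DC"), ("range", "1-4094"), ("ip", "10.0.0.256")]:
        print(kind, text, is_valid(kind, text))
```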

Text Conventions
- Bold text indicates a command executed by interacting with the user interface.
- Courier bold text indicates commands and text entered using the CLI.
- Italic text indicates the first occurrence of a new term, as well as a book title, and also emphasized text.
- In this command summary, items presented in italics represent user-specified information.
- Items within angle brackets (< >) are required information.
- Items within square brackets ([ ]) are optional information.
- Items separated by a pipe (|) are options. You can select any of them.


Note: Though a command string may be displayed on multiple lines in this guide, it must be entered on a
single line with no carriage returns except at the end of the complete command.

Editing and Completion Features


You can use individual keys and control-key combinations to assist you with the CLI. The table below describes the key and control-key combination functions.

Key Reference Table


Key(s)         Function
Tab            Completes the current word
?              Displays possible command completions
CTRL+A         Moves cursor to the beginning of the command line
CTRL+B         Moves cursor to the previous character
CTRL+C         Exits the Quick Start Wizard at any time
CTRL+E         Moves cursor to the end of the command line
CTRL+F         Moves cursor to the next character
CTRL+K         Erases characters from the cursor to the end of the line
CTRL+N         Displays the next command in the command history
CTRL+P         Displays the previous command in the command history
CTRL+W         Erases the previous word
Left Arrow     Moves cursor to the previous character
Right Arrow    Moves the cursor to the next character
Up Arrow       Displays the previous command in the command history
Down Arrow     Displays the next command in the command history


Most configuration commands require completing all fields in the command. For commands with several possible completers, the Tab or ? key displays all options.

    myDevice> show [TAB]
    alerts arp content-filter cpu device gms interface log memory messages nat netstat network processes route securityservices status system tech-support tsr web-management zone zones

The Tab key can also be used to finish a command if the command is uniquely identified by user input.

    myDevice> show al [TAB]

displays

    myDevice> show alerts

Additionally, commands can be abbreviated as long as the partial commands are unique. The following text:

    myDevice> sho int inf

is an acceptable abbreviation for

    myDevice> show interface info


Command Hierarchy
The CLI configuration manager allows you to control hardware and firmware of the appliance through a discrete mode and submode system. The commands for the appliance fit into the logical hierarchy shown below. To configure items in a submode, activate the submode by entering a command in the mode above it. For example, to set the default LAN interface speed or duplex, you must first enter configure, then interface x0 lan. To return to the higher Configuration mode, simply enter end or finished.

Configuration Security
SonicWALL Internet Security appliances allow easy, flexible configuration without compromising the security of their configuration or your network.

Passwords
The SonicWALL CLI currently uses the administrator's password to obtain access. SonicWALL devices are shipped with a default password of "password". Setting passwords is important in order to access the SonicWALL and configure it over a network.

Factory Reset to Defaults


If you are unable to connect to your device over the network, you can use the command restore to reset the device to factory defaults during a serial configuration session.


Management Methods for the SonicWALL Internet Security Appliance


You can configure the SonicWALL appliance using one of two methods:

Using a serial connection and the configuration manager
- An IP address assignment is not necessary for appliance management.
- A device must be managed while physically connected via a serial cable.

Web browser-based User Interface
- An IP address must have been assigned to the appliance for management or use the default of 192.168.168.168.

Initiating a Management Session using the CLI


Serial Management and IP Address Assignment

Follow the steps below to initiate a management session via a serial connection and set an IP address for the device.

Note: The default terminal settings on the SonicWALL and modules are 80 columns by 25 lines. To ensure the best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on the serial terminal software.

1. Attach the included null modem cable to the appliance port marked CONSOLE. Attach the other end of the null modem cable to a serial port on the configuring computer.
2. Launch any terminal emulation application that communicates with the serial port connected to the appliance. Use these settings:
   - 115,200 baud (9600 for TZ170)
   - 8 data bits
   - no parity
   - 1 stop bit
   - no flow control
3. Press Return. Initial information is displayed followed by a DEVICE NAME> prompt.

Logging in to the SonicOS CLI


When the connection is established, log in to the security appliance:

1. At the User: prompt, enter the Admin's username. Only the admin user will be able to log in from the CLI. The default Admin username is admin. The default can be changed.
2. At the Password: prompt, enter the Admin's password. If an invalid or mismatched username or password is entered, the CLI prompt will return to User:, and a "CLI administrator login denied due to bad credentials" error message will be logged. There is no lockout facility on the CLI.
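Because the CLI has no lockout, the logged denial message is the signal that someone is guessing the admin password at the console. The following is an added example, not part of the SonicWALL guide, that scans exported log text for bursts of that message; the line layout of the sample log, the threshold and the window are assumptions.

```python
from datetime import datetime, timedelta

# Message text quoted from the login section of the guide.
DENIED = "CLI administrator login denied due to bad credentials"

# Constructed sample log. The "YYYY-MM-DD HH:MM:SS message" layout is an
# assumption for this example, not the appliance's documented log format.
SAMPLE_LOG = """\
2005-02-14 08:15:30 CLI administrator login denied due to bad credentials
2005-02-14 09:00:01 CLI administrator login denied due to bad credentials
2005-02-14 09:00:09 CLI administrator login denied due to bad credentials
2005-02-14 09:00:17 CLI administrator login denied due to bad credentials
2005-02-14 09:00:25 CLI administrator login denied due to bad credentials
2005-02-14 09:00:33 CLI administrator login denied due to bad credentials
2005-02-14 09:00:41 CLI administrator login denied due to bad credentials
2005-02-14 09:03:12 constructed unrelated log entry
2005-02-14 11:42:10 CLI administrator login denied due to bad credentials
"""

def find_denial_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return (first, last, count) for each burst of login denials.

    A burst starts when `threshold` denials fall within `window` of each
    other and grows while later denials keep that condition true.
    Lines are assumed to be in chronological order.
    """
    stamps = []   # timestamps of every denial seen so far
    left = 0      # index of the oldest denial still inside the window
    bursts = []   # [first_index, last_index] pairs into stamps
    for line in lines:
        if DENIED not in line:
            continue
        try:
            when = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # skip lines whose timestamp cannot be parsed
        stamps.append(when)
        last = len(stamps) - 1
        while when - stamps[left] > window:
            left += 1
        if last - left + 1 >= threshold:
            if bursts and bursts[-1][1] >= left:
                bursts[-1][1] = last          # overlaps the open burst
            else:
                bursts.append([left, last])   # a new burst begins
    return [(stamps[a], stamps[b], b - a + 1) for a, b in bursts]

if __name__ == "__main__":
    for first, last, count in find_denial_bursts(SAMPLE_LOG.splitlines()):
        print(f"{count} denied CLI logins between {first} and {last}")
```

A single mistyped password, like the 08:15:30 and 11:42:10 entries in the sample, stays below the threshold and is not reported.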


SonicOS Enhanced Command Listing


The following table displays all commands available for the SonicWALL.
- Top Level Command Description
- Configuration Command Description
- Interface Configuration Command Description
- Log Category Command Description
- Zone Command Description

Command Descriptions
Command
    Description

show alerts
    Show alerts
show arp
    Displays currently known arp entries
show content filter
    Show content filter list status
show cpu
    Show cpu and memory information
show device
    Displays on the console the contents of the status section of the Tech Support Report (TSR)
show gms
    Displays GMS configuration
show interface details <x1|x2|x3|x4|x5>
    Displays on the console the contents of the network section of the TSR
show interface status <x1|x2|x3|x4|x5>
    Displays on the console basic interface status for the SonicWALL, such as active/inactive/disabled, speed setting, duplex setting, IP addressing information
show log content
    Display the SonicWALL log contents
show log settings
    Display the configuration data
show memory
    Display the system memory on the appliance
show messages
    Show system messages
show nat policies
    Display on the console the NAT policy section of the TSR
show netstat
    Displays the contents of the netstat table.
show network
    Shows the network summary.
show processes
    Display procedure information.
show route
    Displays the complete routing table.
show security-services
    Displays the complete status of all security services on the SonicWALL, including license status, licenses available, licenses in use, and license expiration dates.
show status
    Shows the current status of the appliance.
show tech-support
    Displays the contents of the TSR.
show tsr <all | av | cfl | dhcpc | dhcprelay | dhcps | dhcpsstat | ethernet | ha | ip-helper | ipsec | l2tpclient | license | log | management | network | objects | policies | pppoe | pptpclient | radius | snmp | status | time | update | users | wlb>
    Displays on the console the named TSR sections or all of the TSR.
show web-management
    Display the Web-management status and configuration.
show zone <name>
    Displays on the console all rules for the specified zone. For example, show zone <lan rules> displays all of the rules to and from the LAN zone.
show zones
    Displays configured zones on the appliance and interfaces associated with each zone.


Top Level Commands


Command
    Description

clear screen
    Clears the console screen, leaving a single prompt line.
clear log
    Clear log.
cls
    Clears the console screen, leaving a single prompt line.
configure
    Enters the configuration level
exit
    Causes you to exit the submenu, or if issued at the global level, returns to the login prompt.
export preferences
    Export a preferences file using Z-modem.
export tsr
    Export TSR using Z-modem.
help <command>
    Displays the command and description.
import
    Import preferences from the SonicWALL using Z-modem.
logout
    Log out from the console.
nslookup <Domain Name>
    Look up the IP address of the given domain name from the configured domain name servers.
ping <IP address|Domain Name>
    Sends ICMP packets to the destination IP address.
restart
    Restart the SonicWALL.
restore
    Restore the factory default settings on the SonicWALL
synchronize-licenses
    Synchronizes the SonicWALL licensing information with the mysonicwall.com backend.
traceroute <IP address|Domain Name>
    Displays router hops to destination.


Configure Level Commands


Command
    Description

[no] arpt <IP address><MAC address> interface <lan|wan|dmz> [perm] [pub]
    Add and remove arp entries for specified interface.
end
    Exit configuration menu.
help <command>
    Displays command and description.
interface <x1|x2|x3|x4|x5> [<lan|wan|dmz>]
    Assigns a zone to an interface and then enters the configuration of the interface.
gms
    Enter GMS configuration menu.

GMS Configuration

algorithm <des-md5|frd3-sha>
    Sets GMS encryption and authentication algorithm.
[no] authentication-key <hex key>
    Sets the 32-hex or 40-hex authentication key to communicate with the GMS server.
[no] behind-nat
    Enables GMS behind a NAT device.
bound-interface <x1|x2|x3|x4|x5>
    Bind a VPN policy to an interface.
[no] enable
    Enables GMS management on a SonicWALL.
encryption-key <hex key>
    Sets the 16-hex/48-hex encryption key to communicate with the GMS server.
end
    Exit configuration menu.
finished
    Exit configuration mode to top menu.
help <command>
    Displays command and description.
info
    Displays current GMS configuration state.
[no] nat-address <IP Address>
    Sets the public NAT IP address that the GMS server resides behind.
[no] over-vpn
    Enable GMS server locally or over VPN.
[no] send-heartbeat
    Send heart beat status messages only.
[no] server <IP Address>
    Sets the real IP address of the GMS server.
[no] standby-management-sa
    Enable the backup SA for GMS management.
syslog-port <uvalue|(default)>
    Sets the syslog server port of the GMS server.
help <command>
    Displays the command and description


LAN Interface Configuration


Command
    Description

interface <x0|x1|x2|x3|x4|x5> [<lan|wan|dmz>]
    Assigns zone and enters the configuration mode for the interface.
auto
    Sets the interface to auto negotiate.
comment <string>
    Adds comment as part of the port configuration
duplex <full|half>
    Sets the interface duplex speed.
end
    Exit the configuration mode.
finished
    Exit configuration mode to the top menu.
help <command>
    Displays the command and description.
info
    Displays information about the interface.
mode lan
    Enter the LAN configuration mode.
end
    Exit configuration mode.
finished
    Exit configuration mode to top menu level.
help <command>
    Displays the command and description.
info
    Displays information about the interface.
ip <IP Address> netmask <mask>
    Sets the IP address for the interface.
name <interface name>
    Sets the name for the interface.
speed <10|100>
    Sets the interface speed.

WAN Interface Configuration


Command
    Description

auto
    Sets the interface to autonegotiate.
bandwidth-management enable
    Enables bandwidth management.
bandwidth-management size <uvalue>
    Sets the bandwidth management size.
comment <string>
    Adds comment as part of the port configuration.
duplex <full|half>
    Sets the interface duplex speed.
end
    Exit the configuration mode.
finished
    Exit configuration mode to the top menu.
fragment-packets
    Enable/disable fragmentation of packets larger than the interface MTU.
ignore-df-bit
    Enable/disable ignoring the don't fragment bit.
help <command>
    Displays the command and description.
info
    Displays information about the interface.
mode <static|dhcp|pptp|l2tp|pppoe>
    Sets the mode for the WAN interface and enters the given mode configuration.

Mode Static WAN Interface Configuration

[no] dns <IP Address>
    Enters or removes IP address of DNS servers.
end
    Exits configuration mode.
finished
    Exits configuration mode to top menu.
gateway <IP Address>
    Sets or removes default gateway for the interface.
help <command>
    Displays help for given command.
info
    Displays IP information about the interface.
[no] ip <IP Address>
    Sets the IP address for the interface.

Mode DHCP WAN Interface Configuration

end
    Exits configuration mode.
finished
    Exits configuration mode to top menu.



Command
    Description

help <command>
    Displays help for given command.
info
    Displays IP information about the interface.
[no] hostname <string>
    Sets the hostname for the interface.
release
    Releases IP address information.
renew
    Renews IP address information.

Mode PPTP WAN Interface Configuration

[no] dynamic
    Sets the SonicWALL to obtain the IP address dynamically.
end
    Exits configuration mode.
finished
    Exits configuration mode to top menu.
help <command>
    Displays help for given command.
[no] hostname <string>
    Clears/Sets PPTP hostname.
[no] inactivity timeout <uvalue>
    Enables/disables the PPTP inactivity timer. Sets/Clears the PPTP inactivity timeout.
info
    Displays IP information about the interface.
[no] ip <IP Address>
    Sets/Clears the IP address for the interface.
[no] password <quoted string>
    Sets/Clears the PPTP password.
[no] server ip <IP Address>
    Sets/Clears the PPTP server IP address.
start
stop
[no] username <string>
    Sets/Clears the PPTP username

Mode L2TP WAN Configuration

[no] dynamic
    Sets the SonicWALL to obtain the IP address dynamically.
end
    Exits configuration mode.
finished
    Exits configuration mode to top menu.
help <command>
    Displays help for given command.
[no] hostname <string>
    Clears/Sets L2TP hostname.
[no] inactivity timeout <uvalue>
    Enables/disables the L2TP inactivity timer. Sets/Clears the L2TP inactivity timeout.
info
    Displays IP information about the interface.
[no] ip <IP Address>
    Sets/Clears the IP address for the interface.
[no] password <quoted string>
    Sets/Clears the L2TP password.
[no] server ip <IP Address>
    Sets/Clears the L2TP server IP address.
start
stop
[no] username <string>
    Sets/Clears the L2TP username.
mtu <uvalue>
    Sets the MTU of the interface.
name <interface name>
    Sets the name for the interface.
speed <10|100>
    Sets the interface speed.

Other Interface Configuration

auto
    Sets the interface to autonegotiate.
comment <string>
    Adds a comment as part of the port configuration.
duplex <full|half>
    Sets the interface duplex speed.
end
    Exits configuration mode.
finished
    Exits configuration mode to top menu.
help <command>
    Displays help for given command.


Command
    Description

info
    Displays IP information about the interface.
name <interface name>
    Sets the name for the interface.
speed <10|100>
    Sets the interface to autonegotiate.
[no] log categories [all]
    Assigns/clears logging categories.

Log Category Information

[no] all
    Assigns/clears all logging categories.
[no] attack
    Assigns/clears attack logging category.
[no] blocked-code
    Assigns/clears blocked code logging category.
[no] blockedsites
    Assigns/clears blocked sites logging category.
[no] connection
    Assigns/clears connection logging category.
[no] conn-traffic
    Assigns/clears conn traffic logging category.
[no] debug
    Assigns/clears debug logging category.
end
    Exits configuration mode.
finished
    Exits configuration mode to top menu.
help <command>
    Displays help for given command.
[no] icmp
    Assigns/clears ICMP logging category.
info
    Displays IP information about the interface.
[no] lan-icmp
    Assigns/clears LAN-ICMP logging category.
[no] lan-tcp
    Assigns/clears LAN-TCP logging category.
[no] lan-udp
    Assigns/clears LAN-UDP logging category.
[no] maintenance
    Assigns/clears maintenance logging category.


Command
    Description

[no] mgmt-80211b
    Assigns/clears 80211b management logging category.
[no] modem-debug
    Assigns/clears modem debugging logging category.
[no] sys-env
    Assigns/clears sys env logging category.
[no] sys-err
    Assigns/clears sys error logging category.
[no] tcp
    Assigns/clears TCP logging category.
[no] udp
    Assigns/clears UDP logging category.
[no] user-activity
    Assign/clear user-activity logging category.
[no] vpn-stat
    Assigns/clears vpn-stat logging category.
[no] vpn-tunnelstatus
    Assigns/clears vpn tunnel status logging category.
[no] log filter-time <uvalue>
    Assigns/clears log filter time.
log ordering <choices> [invert]
    Assign/clear ordering method when displaying log entries.
name <string>
    Sets/clears the firewall name.
[no] route default <IP address>
    Assigns/clears default route.
[no] route <Destination> <Netmask> <Gateway> [metric <route metric>]
    Assigns/clears static routes.
[no] web-management http enable <x0 | x1 | x2 | x3 | x4 | x5>
    Enables/disables HTTP web management.
web-management http port <tcp port or 'default'>
    Assigns the HTTP web management port or reset to default.
[no] web-management https enable <x0 | x1 | x2 | x3 | x4 | x5>
    Enables/disables HTTPS web management.
web-management https port <tcp port or 'default'>
    Assigns the HTTPS web management port or resets to default.
web-management restore
    Restores default web-management port and interface assignments.
zone <wan|lan|dmz>
    Enters the zone configuration menu.

Command
    Description

end
    Exits configuration mode.
finished
    Exits configuration mode to top menu.
[no] intrazonecommunications
    Enables/disables intra-zone communications.

SonicWALL OS Standard Commands


Show and Diag Commands (available at all levels)

Command
    Description

show memory
    Shows the system memory on the device.
show processes
    Shows procedure information.
show status
    Shows the current status of the device.
show tech-support
    Displays to the console the contents of the TSR.
show tsr <all | av | cfl | dhcpc | dhcprelay | dhcps | dhcpsstat | ethernet | ha | ip-helper | ipsec | l2tpclient | license | log | management | network | objects | policies | pppoe | pptpclient | radius | snmp | status | time | update | users | wlb>
    Displays to the console the contents of the TSR section named or all of the TSR.
show web-management
    Displays the web-management status and configuration.

Top Level Commands

Command
    Description

cls
    Clears window, leaving a single prompt line.
exit
    This command causes you to exit submenu, or if issued at the global level, returns you to the login prompt.
export preferences
    Exports the preferences file using Z-modem.
export tsr
    Exports the TSR using Z-modem.
help <command>
    Displays command and description.
import
    Import preferences file using Z-modem.



Command
    Description

logout
    Logout from the console.
ping <IP address | Domain Name>
    Sends ICMP packets to destination IP address.
restart
    Restarts the device.
restore
    Restore the device to factory defaults.
[no] web-management http enable
    Enables/disables HTTP web management.
web-management http port <tcp port or 'default'>
    Assigns the HTTP web management port or reset to default.
[no] web-management https enable
    Enables/disables HTTPS web management.
web-management https port <tcp port or 'default'>
    Assigns the HTTPS web management port or resets to default.
web-management restore
    Restores default web-management port and interface assignments.


SonicWALL, Inc. 1143 Borregas Avenue Sunnyvale CA 94089-1306 P/N: 232-000549-00 Rev B, 02/2005 T +1 408.745.9600 F +1 408.745.9300 www.sonicwall.com


2008 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice. 07/07 SW 145