Professional Documents
Culture Documents
Sonicos Command Line Interface Guide: Protection at The Speed of Business
Sonicos Command Line Interface Guide: Protection at The Speed of Business
Introduction
This document contains a categorized complete listing of Command Line Interface (CLI) commands for
SonicOS Standard and Enhanced firmware for the Pro 4060, Pro 2040 and TZ 170 devices. Each
command is described and, where appropriate, an example of usage is included.
Note: Commands using port spec x0, 1x, etc. only take IDs for existing ports on the device. For example, the
TZ170 uses x0-x2, the Pro 2040 x0-x3, and the Pro 4060 x0-x5.
This Users Guide contains the following sections:
Data Format
MAC Address
HH:HH:HH:HH:HH:HH
MAC Address
HHHH.HHHH.HHHH
IP Address
D.D.D.D
IP Address
0xHHHHHHHH
Integer Values
Integer Values
0xH
Integer Range
D-D
Text Conventions
Bold text indicates a command executed by interacting with the user interface.
Courier bold text indicates commands and text entered using the CLI.
Italic text indicates the first occurrence of a new term, as well as a book title, and also emphasized text.
In this command summary, items presented in italics represent user-specified information.
Items within angle brackets (< >) are required information.
Items within square brackets ([ ]) are optional information.
Items separated by a pipe (|) are options. You can select any of them.
Page 1
Note: Though a command string may be displayed on multiple lines in this guide, it must be entered on a
single line with no carriage returns except at the end of the complete command.
Function
Tab
CTRL+A
CTRL+B
CTRL+C
CTRL+E
CTRL+F
CTRL+K
CTRL+N
CTRL+P
CTRL+W
Left Arrow
Right Arrow
Up Arrow
Down Arrow
Most configuration commands require completing all fields in the command. For commands with several
possible completers, the Tab or ? key display all options.
myDevice> show [TAB]
alerts
interface
network
tech-support
arp
log
processes
tsr
content-filter
memory
route
web-management
cpu
messages
securityservices
zone
device
nat
status
zones
gms
netstat
system
The Tab key can also be used to finish a command if the command is uniquely identified by user input.
myDevice> show al [TAB]
displays
myDevice> show alerts
Additionally, commands can be abbreviated as long as the partial commands are unique. The following
text:
myDevice> sho int inf
is an acceptable abbreviation for
myDevice> show interface info
Page 3
Command Hierarchy
The CLI configuration manager allows you to control hardware and firmware of the appliance through a
discreet mode and submode system. The commands for the appliance fit into the logical hierarchy shown
below.
To configure items in a submode, activate the submode by entering a command in the mode above it.
For example, to set the default LAN interface speed or duplex, you must first enter configure, then
interface x0 lan. To return to the higher Configuration mode, simply enter end or finished.
Configuration Security
SonicWALL Internet Security appliances allow easy, flexible configuration without compromising the
security of their configuration or your network.
Passwords
The SonicWALL CLI currently uses the administrators password to obtain access. SonicWALL devices
are shipped with a default password of password. Setting passwords is important in order to access the
SonicWALL and configure it over a network.
Note: The default terminal settings on the SonicWALL and modules is 80 columns by 25 lines. To ensure the
best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal
software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on
the serial terminal software.
1. Attach the included null modem cable to the appliance port marked CONSOLE. Attach the other end
of the null modem cable to a serial port on the configuring computer.
2. Launch any terminal emulation application that communicates with the serial port connected to the
appliance. Use these settings:
3.
Page 5
Command Descriptions
Command
Description
show alerts
Show alerts
show arp
show cpu
show device
show gms
show memory
show messages
show netstat
show network
show processes
show route
show security-services
show status
Command
Description
show tech-support
show web-management
show zones
Page 7
Description
clear screen
clear log
Clear log.
cls
configure
exit
export preferences
export tst
help <command>
import
logout
restart
restore
synchronize-licenses
Description
end
help <command>
interface <x1|x2|x3|x4|x5>
[<lan|wan|dmz>]
gms
GMS Configuration
algorithm <des-md5|frd3-sha>
[no] behind-nat
bound-interface <x1|x2|x3|x4|x5>
[no] enable
set the 16-hex/48-hex encryption key to communicate with the GMS server.
end
finished
help <command>
info
[no] over-vpn
[no] send-heartbeat
[no] standby-management-sa
syslog-port <uvalue|(default)>
help <command>
Page 9
Description
interface <x0|x1|x2|x3|x4|x5>
[<lan|wan|dmz>}
auto
comment <string>
duplex <full|half>
end
finished
help <command>
info
mode lan
end
finished
help <command>
info
ip <IP Address>
netmask <mask>
speed <10|100>
Description
auto
bandwidth-management enable
Command
Description
comment <string>
duplex <full|half>
end
finished
fragment-packets
Enable/disable fragmentation of
packets larger than the interface
MTU.
ignore-df-bit
help <command>
info
mode <static|dhcp|pptp|l2tp|pppoe>
Sets the mode for the WAN interface and inters the given mode
configuration.
end
finished
gateway <IP
Address>
help <command>
info
[no] ip <IP
Address>
end
finished
Page 11
Command
Description
help <command>
info
[no] hostname
<string>
release
renew
[no] dynamic
Configuration
end
finished
help <command>
[no] hostname
<string>
[no] inactivity
info
[no] ip <IP
Address>
[no] password
<quoted string>
start
stop
[no] username
<string>
[no] dynamic
Configuration
end
Command
Mode
Description
finished
help <command>
[no] hostname
<string>
[no] inactivity
timeout <uvalue>
info
[no] ip <IP
Address>
[no] password
<quoted string>
start
stop
[no] username
<string>
mtu <uvalue>
name <interface
name>
speed <10|100>
Other
auto
Interface
comment <string>
Configuration
duplex
<full|half>
end
finished
help <command>
Page 13
Command
Description
info
name <interface
name>
speed <10|100>
Log
[no] all
Category
[no] attack
Information
[no] blocked-code
[no] blockedsites
[no] connection
[no] conn-traffic[
[no] debug
end
finished
help <command>
[no] icmp
info
[no] lan-icmp
[no]lan-tcp
[no]lan-udp
[no]maintenance
Command
Description
[no] mgmt-80211b
[no] modem-debug
[no] sys-env
[no] sys-err
[no]tcp
[no] udp
[no] user-activity
[no] vpn-stat
[no] vpn-tunnelstatus
name <string>
web-management restore
zone <wan|lan|dms>
Command
Description
end
finished
[no] intrazonecommunications
Enables/disables intra-zone
communications.
Description
show memory
show processes
show status
show tech-support
show web-management
Description
cls
exit
This command causes you to exit submenu, or if issued at the global level,
returns you to the login prompt.
export preferences
export tsr
help <command>
import
Command
Description
logout
restart
restore
web-management restore
Page 17
SonicWALL, Inc.
1143 Borregas Avenue
T +1 408.745.9600
Sunnyvale CA 94089-1306
F +1 408.745.9300
P/N: 232-000549-00
Rev B, 02/2005
www.sonicwall.com
2008 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and
descriptions subject to change without notice. 07/07 SW 145