
SonicOS Command Line Interface Guide

PROTECTION AT THE SPEED OF BUSINESS

Introduction
This document contains a categorized complete listing of Command Line Interface (CLI) commands for
SonicOS Standard and Enhanced firmware for the Pro 4060, Pro 2040 and TZ 170 devices. Each
command is described and, where appropriate, an example of usage is included.

Note: Commands using port spec x0, x1, etc. only take IDs for existing ports on the device. For example, the
TZ170 uses x0-x2, the Pro 2040 x0-x3, and the Pro 4060 x0-x5.

This User's Guide contains the following sections:

Input Data Format Specification
Text Conventions
Editing and Completion Features
Command Hierarchy
Configuration Security
Management Methods for Each Appliance
Initiating a Management Session
Command Set Status

Input Data Format Specification


The table below describes the data formats acceptable for most commands. H represents one or more
hexadecimal digits (0-9 and A-F). D represents one or more decimal digits.

Input Data Formats

Data              Data Format
MAC Address       HH:HH:HH:HH:HH:HH
MAC Address       HHHH.HHHH.HHHH
IP Address        D.D.D.D
IP Address        0xHHHHHHHH
Integer Values
Integer Values    0xH
Integer Range     D-D
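
The following Python validator is an added example, not part of the SonicWALL guide: it checks operator-supplied values against the formats in the table above before a script passes them to the CLI, and returns one canonical form for each. Fixed digit counts for MAC addresses, acceptance of lowercase hex, big-endian byte order for 0xHHHHHHHH, plain decimal integers, and rejection of reversed ranges are assumptions.

```python
import re

HEX = "[0-9A-Fa-f]"  # the guide lists 0-9 and A-F; lowercase is accepted as an assumption

# [0-9] is used instead of \d so that non-ASCII digits are rejected.
_MAC_COLON = re.compile(rf"{HEX}{{2}}(?::{HEX}{{2}}){{5}}")   # HH:HH:HH:HH:HH:HH
_MAC_DOT = re.compile(rf"{HEX}{{4}}(?:\.{HEX}{{4}}){{2}}")    # HHHH.HHHH.HHHH
_IP_DOTTED = re.compile(r"[0-9]{1,3}(?:\.[0-9]{1,3}){3}")     # D.D.D.D
_IP_HEX = re.compile(rf"0x({HEX}{{8}})")                      # 0xHHHHHHHH
_INT_HEX = re.compile(rf"0x{HEX}+")                           # 0xH
_INT_DEC = re.compile(r"[0-9]+")                              # assumed decimal form
_RANGE = re.compile(r"([0-9]+)-([0-9]+)")                     # D-D


def parse_mac(text):
    """Return the MAC as HH:HH:HH:HH:HH:HH, accepting either table format."""
    if _MAC_COLON.fullmatch(text) or _MAC_DOT.fullmatch(text):
        digits = re.sub(r"[:.]", "", text).upper()
        return ":".join(digits[i:i + 2] for i in range(0, 12, 2))
    raise ValueError(f"not a MAC address: {text!r}")


def parse_ip(text):
    """Return a dotted-quad string from D.D.D.D or 0xHHHHHHHH."""
    m = _IP_HEX.fullmatch(text)
    if m:
        value = int(m.group(1), 16)  # assumption: most significant byte first
        return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))
    if _IP_DOTTED.fullmatch(text):
        octets = [int(part) for part in text.split(".")]
        if all(o <= 255 for o in octets):
            return ".".join(str(o) for o in octets)
    raise ValueError(f"not an IP address: {text!r}")


def parse_int(text):
    """Return an int from 0xH, or from plain decimal digits (assumed form)."""
    if _INT_HEX.fullmatch(text):
        return int(text, 16)
    if _INT_DEC.fullmatch(text):
        return int(text)
    raise ValueError(f"not an integer: {text!r}")


def parse_range(text):
    """Return (low, high) from D-D; a reversed range is rejected (assumption)."""
    m = _RANGE.fullmatch(text)
    if not m:
        raise ValueError(f"not an integer range: {text!r}")
    low, high = int(m.group(1)), int(m.group(2))
    if low > high:
        raise ValueError(f"range start exceeds end: {text!r}")
    return low, high
```

Using fullmatch rather than match means a value with a trailing newline or appended text is rejected instead of being silently truncated.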

Text Conventions
Bold text indicates a command executed by interacting with the user interface.
Courier bold text indicates commands and text entered using the CLI.
Italic text indicates the first occurrence of a new term, as well as a book title, and also emphasized text.
In this command summary, items presented in italics represent user-specified information.
Items within angle brackets (< >) are required information.
Items within square brackets ([ ]) are optional information.
Items separated by a pipe (|) are options. You can select any of them.


Note: Though a command string may be displayed on multiple lines in this guide, it must be entered on a
single line with no carriage returns except at the end of the complete command.

Editing and Completion Features


You can use individual keys and control-key combinations to assist you with the CLI. The table below
describes the key and control-key combination functions.

Key Reference Table


Key(s)        Function
Tab           Completes the current word
              Displays possible command completions
CTRL+A        Moves cursor to the beginning of the command line
CTRL+B        Moves cursor to the previous character
CTRL+C        Exits the Quick Start Wizard at any time
CTRL+E        Moves cursor to the end of the command line
CTRL+F        Moves cursor to the next character
CTRL+K        Erases characters from the cursor to the end of the line
CTRL+N        Displays the next command in the command history
CTRL+P        Displays the previous command in the command history
CTRL+W        Erases the previous word
Left Arrow    Moves cursor to the previous character
Right Arrow   Moves the cursor to the next character
Up Arrow      Displays the previous command in the command history
Down Arrow    Displays the next command in the command history

Most configuration commands require completing all fields in the command. For commands with several
possible completions, the Tab or ? key displays all options.
myDevice> show [TAB]
alerts           interface   network            tech-support
arp              log         processes          tsr
content-filter   memory      route              web-management
cpu              messages    securityservices   zone
device           nat         status             zones
gms              netstat     system

The Tab key can also be used to finish a command if the command is uniquely identified by user input.
myDevice> show al [TAB]
displays
myDevice> show alerts
Additionally, commands can be abbreviated as long as the partial commands are unique. The following
text:
myDevice> sho int inf
is an acceptable abbreviation for
myDevice> show interface info
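
The abbreviation rule above can be modelled as unique-prefix matching at each level of the command hierarchy. This Python model is an added example, not SonicOS code; the command tree is a subset of the commands listed in this guide, and letting an exact match win over a longer keyword (zone versus zones) is an assumption.

```python
# Keywords offered by "show [TAB]" in this guide ("interface" is added below
# with its own sub-keywords).
SHOW = ["alerts", "arp", "content-filter", "cpu", "device", "gms", "log",
        "memory", "messages", "nat", "netstat", "network", "processes",
        "route", "securityservices", "status", "system", "tech-support",
        "tsr", "web-management", "zone", "zones"]

# Subset of the top-level commands from this guide. An empty dict marks a
# keyword whose remaining tokens are treated as arguments.
COMMANDS = {
    "show": {**{name: {} for name in SHOW},
             "interface": {"info": {}, "details": {}, "status": {}}},
    "clear": {"screen": {}, "log": {}},
    "export": {"preferences": {}, "tsr": {}},
    "cls": {}, "configure": {}, "exit": {}, "help": {}, "import": {},
    "logout": {}, "nslookup": {}, "ping": {}, "restart": {}, "restore": {},
    "synchronize-licenses": {}, "traceroute": {},
}


class AmbiguousCommand(ValueError):
    """Raised when a token is a prefix of more than one keyword at its level."""


def expand(line, tree=COMMANDS):
    """Expand abbreviated keywords in one CLI line to their full form."""
    out = []
    tokens = line.split()
    for i, tok in enumerate(tokens):
        if not tree:                 # leaf reached: the rest are arguments
            out.extend(tokens[i:])
            break
        if tok in tree:              # assumption: an exact match always wins
            match = tok
        else:
            hits = sorted(k for k in tree if k.startswith(tok))
            if len(hits) > 1:
                raise AmbiguousCommand(f"{tok!r} matches {', '.join(hits)}")
            if not hits:
                raise ValueError(f"unknown keyword {tok!r}")
            match = hits[0]
        out.append(match)
        tree = tree[match]
    return " ".join(out)
```

When reviewing a recorded console session, expanding each line first lets a single rule for restore or clear log match however the operator abbreviated it; rest is rejected as ambiguous because it is a prefix of both restart and restore.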


Command Hierarchy
The CLI configuration manager allows you to control hardware and firmware of the appliance through a
discrete mode and submode system. The commands for the appliance fit into the logical hierarchy shown
below.
To configure items in a submode, activate the submode by entering a command in the mode above it.
For example, to set the default LAN interface speed or duplex, you must first enter configure, then
interface x0 lan. To return to the higher Configuration mode, simply enter end or finished.

Configuration Security
SonicWALL Internet Security appliances allow easy, flexible configuration without compromising the
security of their configuration or your network.

Passwords
The SonicWALL CLI currently uses the administrator's password to obtain access. SonicWALL devices
are shipped with a default password of password. Setting passwords is important in order to access the
SonicWALL and configure it over a network.

Factory Reset to Defaults


If you are unable to connect to your device over the network, you can use the command restore to reset
the device to factory defaults during a serial configuration session.


Management Methods for the SonicWALL Internet Security Appliance


You can configure the SonicWALL appliance using one of two methods:

Using a serial connection and the configuration manager
- An IP address assignment is not necessary for appliance management.
- A device must be managed while physically connected via a serial cable.

Web browser-based User Interface
- An IP address must have been assigned to the appliance for management, or use the default of
  192.168.168.168.

Initiating a Management Session using the CLI


Serial Management and IP Address Assignment
Follow the steps below to initiate a management session via a serial connection and set an IP address for
the device.

Note: The default terminal settings on the SonicWALL and modules are 80 columns by 25 lines. To ensure the
best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal
software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on
the serial terminal software.
1. Attach the included null modem cable to the appliance port marked CONSOLE. Attach the other end
of the null modem cable to a serial port on the configuring computer.
2. Launch any terminal emulation application that communicates with the serial port connected to the
appliance. Use these settings:
   - 115,200 baud (9600 for TZ170)
   - 8 data bits
   - no parity
   - 1 stop bit
   - no flow control
3. Press Return. Initial information is displayed followed by a DEVICE NAME> prompt.

Logging in to the SonicOS CLI


When the connection is established, log in to the security appliance:
1. At the User: prompt, enter the Admin's username. Only the admin user will be able to log in from the
CLI. The default Admin username is admin. The default can be changed.
2. At the Password: prompt, enter the Admin's password. If an invalid or mismatched username or
password is entered, the CLI prompt will return to User:, and a "CLI administrator login denied due to
bad credentials" error message will be logged. There is no lockout facility on the CLI.


SonicOS Enhanced Command Listing


The following table displays all commands available for the SonicWALL.

Top Level Command Description
Configuration Command Description
Interface Configuration Command Description
Log Category Command Description
Zone Command Description

Command Descriptions
Command                             Description
show alerts                         Show alerts
show arp                            Displays currently known arp entries
show content filter                 Show content filter list status
show cpu                            Show cpu and memory information
show device                         Displays on the console the contents of the status
                                    section of the Tech Support Report (TSR)
show gms                            Displays GMS configuration
show interface details <x1|x2|x3|x4|x5>
                                    Displays on the console the contents of the network
                                    section of the TSR
show interface status <x1|x2|x3|x4|x5>
                                    Displays on the console basic interface status for
                                    the SonicWALL, such as active/inactive/disabled,
                                    speed setting, duplex setting, IP addressing information
show log content                    Display the SonicWALL log contents
show log settings                   Display the configuration data
show memory                         Display the system memory on the appliance
show messages                       Show system messages
show nat policies                   Display on the console the NAT policy section of the TSR
show netstat                        Displays the contents of the netstat table.
show network                        Shows the network summary.
show processes                      Display procedure information.
show route                          Displays the complete routing table.
show security-services              Displays the complete status of all security services
                                    on the SonicWALL, including license status,
                                    licenses available, licenses in use, and license expiration dates.
show status                         Shows the current status of the appliance.
show tech-support                   Displays the contents of the TSR.
show tsr <all | av | cfl | dhcpc | dhcprelay | dhcps | dhcpsstat | ethernet | ha | ip-helper | ipsec |
l2tpclient | license | log | management | network | objects | policies | pppoe | pptpclient | radius |
snmp | status | time | update | users | wlb>
                                    Displays on the console the named TSR sections or
                                    all of the TSR.
show web-management                 Display the Web-management status and configuration.
show zone <name>                    Displays on the console all rules for the specified
                                    zone. For example, show zone <lan rules> displays
                                    all of the rules to and from the LAN zone.
show zones                          Displays configured zones on the appliance and
                                    interfaces associated with each zone.


Top Level Commands


Command                             Description
clear screen                        Clears the console screen, leaving a single prompt line.
clear log                           Clear log.
cls                                 Clears the console screen, leaving a single prompt line.
configure                           Enters the configuration level
exit                                Causes you to exit the submenu, or if issued
                                    at the global level, returns to the login prompt.
export preferences                  Export a preferences file using Z-modem.
export tsr                          Export TSR using Z-modem.
help <command>                      Displays the command and description.
import                              Import preferences from the SonicWALL using Z-modem.
logout                              Log out from the console.
nslookup <Domain Name>              Look up the IP address of the given domain
                                    name from the configured domain name servers.
ping <IP address|Domain Name>       Sends ICMP packets to the destination IP address.
restart                             Restart the SonicWALL.
restore                             Restore the factory default settings on the SonicWALL
synchronize-licenses                Synchronizes the SonicWALL licensing information with the
                                    mysonicwall.com backend.
traceroute <IP address|Domain Name>
                                    Displays router hops to destination.


Configure Level Commands


Command                             Description
[no] arpt <IP address> <MAC address> interface <lan|wan|dmz> [perm] [pub]
                                    Add and remove arp entries for specified interface.
end                                 Exit configuration menu.
help <command>                      Displays command and description.
interface <x1|x2|x3|x4|x5> [<lan|wan|dmz>]
                                    Assigns a zone to an interface and then enters
                                    the configuration of the interface.
gms                                 Enter GMS configuration menu.

GMS Configuration

algorithm <des-md5|frd3-sha>        Sets GMS encryption and authentication algorithm.
[no] authentication-key <hex key>   Sets the 32-hex or 40-hex authentication key
                                    to communicate with the GMS server.
[no] behind-nat                     Enables GMS behind a NAT device.
bound-interface <x1|x2|x3|x4|x5>    Bind a VPN policy to an interface.
[no] enable                         Enables GMS management on a SonicWALL.
encryption-key <hex key>            Sets the 16-hex/48-hex encryption key to communicate
                                    with the GMS server.
end                                 Exit configuration menu.
finished                            Exit configuration mode to top menu.
help <command>                      Displays command and description.
info                                Displays current GMS configuration state.
[no] nat-address <IP Address>       Sets the public NAT IP address that the GMS
                                    server resides behind.
[no] over-vpn                       Enable GMS server locally or over VPN.
[no] send-heartbeat                 Send heart beat status messages only.
[no] server <IP Address>            Sets the real IP address of the GMS server.
[no] standby-management-sa          Enable the backup SA for GMS management.
syslog-port <uvalue|(default)>      Sets the syslog server port of the GMS server.
help <command>                      Displays the command and description


LAN Interface Configuration


Command                             Description
interface <x0|x1|x2|x3|x4|x5> [<lan|wan|dmz>]
                                    Assigns zone and enters the configuration mode for the
                                    interface.
auto                                Sets the interface to auto negotiate.
comment <string>                    Adds comment as part of the port configuration
duplex <full|half>                  Sets the interface duplex speed.
end                                 Exit the configuration mode.
finished                            Exit configuration mode to the top menu.
help <command>                      Displays the command and description.
info                                Displays information about the interface.
mode lan                            Enter the LAN configuration mode.
end                                 Exit configuration mode.
finished                            Exit configuration mode to top menu level.
help <command>                      Displays the command and description.
info                                Displays information about the interface.
ip <IP Address> netmask <mask>      Sets the IP address for the interface.
name <interface name>               Sets the name for the interface.
speed <10|100>                      Sets the interface speed.

WAN Interface Configuration


Command                             Description
auto                                Sets the interface to autonegotiate.
bandwidth-management enable         Enables bandwidth management.
bandwidth-management size <uvalue>  Sets the bandwidth management size.
comment <string>                    Adds comment as part of the port configuration.
duplex <full|half>                  Sets the interface duplex speed.
end                                 Exit the configuration mode.
finished                            Exit configuration mode to the top menu.
fragment-packets                    Enable/disable fragmentation of packets larger than
                                    the interface MTU.
ignore-df-bit                       Enable/disable ignoring the don't fragment bit.
help <command>                      Displays the command and description.
info                                Displays information about the interface.
mode <static|dhcp|pptp|l2tp|pppoe>  Sets the mode for the WAN interface and enters the
                                    given mode configuration.

Mode Static WAN Interface Configuration

[no] dns <IP Address>               Enters or removes IP address of DNS servers.
end                                 Exits configuration mode.
finished                            Exits configuration mode to top menu.
gateway <IP Address>                Sets or removes default gateway for the interface.
help <command>                      Displays help for given command.
info                                Displays IP information about the interface.
[no] ip <IP Address>                Sets the IP address for the interface.

Mode DHCP WAN Interface Configuration

end                                 Exits configuration mode.
finished                            Exits configuration mode to top menu.
help <command>                      Displays help for given command.
info                                Displays IP information about the interface.
[no] hostname <string>              Sets the hostname for the interface.
release                             Releases IP address information.
renew                               Renews IP address information.

Mode PPTP WAN Interface Configuration

[no] dynamic                        Sets the SonicWALL to obtain the IP address dynamically.
end                                 Exits configuration mode.
finished                            Exits configuration mode to top menu.
help <command>                      Displays help for given command.
[no] hostname <string>              Clears/Sets PPTP hostname.
[no] inactivity                     Enables/disables the PPTP inactivity timer.
timeout <uvalue>                    Sets/Clears the PPTP inactivity timeout.
info                                Displays IP information about the interface.
[no] ip <IP Address>                Sets/Clears the IP address for the interface.
[no] password <quoted string>       Sets/Clears the PPTP password.
[no] server ip <IP Address>         Sets/Clears the PPTP server IP address.
start
stop
[no] username <string>              Sets/Clears the PPTP username

Mode L2TP WAN Configuration

[no] dynamic                        Sets the SonicWALL to obtain the IP address dynamically.
end                                 Exits configuration mode.
finished                            Exits configuration mode to top menu.
help <command>                      Displays help for given command.
[no] hostname <string>              Clears/Sets L2TP hostname.
[no] inactivity                     Enables/disables the L2TP inactivity timer.
timeout <uvalue>                    Sets/Clears the L2TP inactivity timeout.
info                                Displays IP information about the interface.
[no] ip <IP Address>                Sets/Clears the IP address for the interface.
[no] password <quoted string>       Sets/Clears the L2TP password.
[no] server ip <IP Address>         Sets/Clears the L2TP server IP address.
start
stop
[no] username <string>              Sets/Clears the L2TP username.

mtu <uvalue>                        Sets the MTU of the interface.
name <interface name>               Sets the name for the interface.
speed <10|100>                      Sets the interface speed.

Other Interface Configuration

auto                                Sets the interface to autonegotiate.
comment <string>                    Adds a comment as part of the force configuration.
duplex <full|half>                  Sets the interface duplex speed.
end                                 Exits configuration mode.
finished                            Exits configuration mode to top menu.
help <command>                      Displays help for given command.
info                                Displays IP information about the interface.
name <interface name>               Sets the name for the interface.
speed <10|100>                      Sets the interface to autonegotiate.

[no] log categories [all]           Assigns/clears logging categories.

Log Category Information

[no] all                            Assigns/clears all logging categories.
[no] attack                         Assigns/clears attack logging category.
[no] blocked-code                   Assigns/clears blocked code logging category.
[no] blockedsites                   Assigns/clears blocked sites logging category.
[no] connection                     Assigns/clears connection logging category.
[no] conn-traffic                   Assigns/clears conn traffic logging category.
[no] debug                          Assigns/clears debug logging category.
end                                 Exits configuration mode.
finished                            Exits configuration mode to top menu.
help <command>                      Displays help for given command.
[no] icmp                           Assigns/clears ICMP logging category.
info                                Displays IP information about the interface.
[no] lan-icmp                       Assigns/clears LAN-ICMP logging category.
[no] lan-tcp                        Assigns/clears LAN-TCP logging category.
[no] lan-udp                        Assigns/clears LAN-UDP logging category.
[no] maintenance                    Assigns/clears maintenance logging category.
[no] mgmt-80211b                    Assigns/clears 80211b management logging category.
[no] modem-debug                    Assigns/clears modem debugging logging category.
[no] sys-env                        Assigns/clears sys env logging category.
[no] sys-err                        Assigns/clears sys error logging category.
[no] tcp                            Assigns/clears TCP logging category.
[no] udp                            Assigns/clears UDP logging category.
[no] user-activity                  Assigns/clears user-activity logging category.
[no] vpn-stat                       Assigns/clears vpn-stat logging category.
[no] vpn-tunnelstatus               Assigns/clears vpn tunnel status logging category.

[no] log filter-time <uvalue>       Assigns/clears log filter time.
log ordering <choices> [invert]     Assigns/clears ordering method when displaying log entries.
name <string>                       Sets/clears the firewall name.
[no] route default <IP address>     Assigns/clears default route.
[no] route <Destination> <Netmask> <Gateway> [metric <route metric>]
                                    Assigns/clears static routes.
[no] web-management http enable <x0 | x1 | x2 | x3 | x4 | x5>
                                    Enables/disables HTTP web management.
web-management http port <tcp port or 'default'>
                                    Assigns the HTTP web management port or resets to default.
[no] web-management https enable <x0 | x1 | x2 | x3 | x4 | x5>
                                    Enables/disables HTTPS web management.
web-management https port <tcp port or 'default'>
                                    Assigns the HTTPS web management port or resets to default.
web-management restore              Restores default web-management port and interface assignments.
zone <wan|lan|dms>                  Enters the zone configuration menu.
end                                 Exits configuration mode.
finished                            Exits configuration mode to top menu.
[no] intrazonecommunications        Enables/disables intra-zone communications.

SonicWALL OS Standard Commands


Show and Diag Commands (available at all levels)
Command                             Description
show memory                         Shows the system memory on the device.
show processes                      Shows procedure information.
show status                         Shows the current status of the device.
show tech-support                   Displays to the console the contents of the TSR.
show tsr <all | av | cfl | dhcpc | dhcprelay | dhcps | dhcpsstat | ethernet | ha | ip-helper | ipsec |
l2tpclient | license | log | management | network | objects | policies | pppoe | pptpclient | radius |
snmp | status | time | update | users | wlb>
                                    Displays to the console the contents of the
                                    TSR section named or all of the TSR.
show web-management                 Displays the web-management status and configuration.

Top Level Commands


Command                             Description
cls                                 Clears window, leaving a single prompt line.
exit                                This command causes you to exit submenu, or if issued at the
                                    global level, returns you to the login prompt.
export preferences                  Exports the preferences file using Z-modem.
export tsr                          Exports the TSR using Z-modem.
help <command>                      Displays command and description.
import                              Import preferences file using Z-modem.
logout                              Log out from the console.
ping <IP address | Domain Name>     Sends ICMP packets to destination IP address.
restart                             Restarts the device.
restore                             Restore the device to factory defaults.
[no] web-management http enable     Enables/disables HTTP web management.
web-management http port <tcp port or 'default'>
                                    Assigns the HTTP web management port or resets to default.
[no] web-management https enable    Enables/disables HTTPS web management.
web-management https port <tcp port or 'default'>
                                    Assigns the HTTPS web management port or resets to default.
web-management restore              Restores default web-management port and interface assignments.


SonicWALL, Inc.
1143 Borregas Avenue
Sunnyvale CA 94089-1306
T +1 408.745.9600
F +1 408.745.9300
www.sonicwall.com

P/N: 232-000549-00
Rev B, 02/2005


2008 SonicWALL, Inc. is a registered trademark of SonicWALL, Inc. Other product names mentioned herein may be trademarks and/or registered trademarks of their respective companies. Specifications and
descriptions subject to change without notice. 07/07 SW 145
