Professional Documents
Culture Documents
SonicWALL SonicOS CLI Guide
SonicWALL SonicOS CLI Guide
Note: Commands using port spec x0, 1x, etc. only take IDs for existing ports on the device. For example, the
TZ170 uses x0-x2, the Pro 2040 x0-x3, and the Pro 4060 x0-x5.
This User’s Guide contains the following sections:
• Input Data Format Specification
• Text Conventions
• Editing and Completion Features
• Command Hierarchy
• Configuration Security
• Management Methods for Each Appliance
• Initiating a Management Session
• Command Set Status
IP Address D.D.D.D
IP Address 0xHHHHHHHH
Integer Values D
Text Conventions
Bold text indicates a command executed by interacting with the user interface.
Courier bold text indicates commands and text entered using the CLI.
Italic text indicates the first occurrence of a new term, as well as a book title, and also emphasized text.
In this command summary, items presented in italics represent user-specified information.
Items within angle brackets (“< >”) are required information.
Items within square brackets (“[ ]”) are optional information.
Items separated by a “pipe” (“|”) are options. You can select any of them.
Page 1
Note: Though a command string may be displayed on multiple lines in this guide, it must be entered on a
single line with no carriage returns except at the end of the complete command.
Key(s) Function
Tab Completes the current word
? Displays possible command completions
CTRL+A Moves cursor to the beginning of the command line
CTRL+B Movers cursor to the previous character
CTRL+C Exits the Quick Start Wizard at any time
CTRL+E Moves cursor to the end of the command line
CTRL+F Moves cursor to the next character
CTRL+K Erases characters from the cursor to the end of the line
CTRL+N Displays the next command in the command history
CTRL+P Displays the previous command in the command history
CTRL+W Erases the previous word
Left Arrow Moves cursor to the previous character
Right Arrow Moves the cursor to the next character
Up Arrow Displays the previous command in the command history
Down Arrow Displays the next command in the command history
The Tab key can also be used to finish a command if the command is uniquely identified by user input.
myDevice> show al [TAB]
displays
myDevice> show alerts
Additionally, commands can be abbreviated as long as the partial commands are unique. The following
text:
myDevice> sho int inf
is an acceptable abbreviation for
myDevice> show interface info
Page 3
Command Hierarchy
The CLI configuration manager allows you to control hardware and firmware of the appliance through a
discreet mode and submode system. The commands for the appliance fit into the logical hierarchy shown
below.
To configure items in a submode, activate the submode by entering a command in the mode above it.
For example, to set the default LAN interface speed or duplex, you must first enter configure, then
interface x0 lan. To return to the higher Configuration mode, simply enter end or finished.
Configuration Security
SonicWALL Internet Security appliances allow easy, flexible configuration without compromising the
security of their configuration or your network.
Passwords
The SonicWALL CLI currently uses the administrator’s password to obtain access. SonicWALL devices
are shipped with a default password of password. Setting passwords is important in order to access the
SonicWALL and configure it over a network.
Factory Reset to Defaults
If you are unable to connect to your device over the network, you can use the command restore to reset
the device to factory defaults during a serial configuration session.
Note: The default terminal settings on the SonicWALL and modules is 80 columns by 25 lines. To ensure the
best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal
software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on
the serial terminal software.
1. Attach the included null modem cable to the appliance port marked CONSOLE. Attach the other end
of the null modem cable to a serial port on the configuring computer.
2. Launch any terminal emulation application that communicates with the serial port connected to the
appliance. Use these settings:
• 115,200 baud (9600 for TZ170)
• 8 data bits
• no parity
• 1 stop bit
• no flow control
3. Press Return. Initial information is displayed followed by a DEVICE NAME> prompt.
Logging in to the SonicOS CLI
When the connection is established, log in to the security appliance:
1. At the User: prompt enter the Admin’s username. Only the admin user will be able to login from the
CLI. The default Admin username is admin. The default can be changed.
2. At the Password: prompt, enter the Admin’s password. If an invalid or mismatched username or
password is entered, the CLI prompt will return to User:, and a “CLI administrator login denied due to
bad credentials” error message will be logged. There is no lockout facility on the CLI.
Page 5
SonicOS Enhanced Command Listing
The following table displays all commands available for the SonicWALL.
Command Description
show interface details Displays on the console the contents of the network
<x1|x2|x3|x4|x5> section of the TSR
Show interface status <x1|x2|x3|x4|x5> Displays on the console basic interface status for
the SonicWALL, such as active/inactive/disabled,
speed setting, duplex setting, IP addressing infor-
mation
show nat policies Display on the console the NAT policy section of the
TSR
show tsr <all | av | cfl | dhcpc Displays on the console the named TSR sections or
|dhcprelay | dhcps | dhcpsstat | eth- all of the TSR.
ernet | ha | ip-helper | ipsec |
l2tpclient | license | log | manage-
ment | network | objects | policies |
pppoe | pptpclient | radius | snmp |
status | time | update | users | wlb>
Show zone <name> Displays on the console all rules for the specified
zone. For example, show zone <lan rules> displays
all of the rules to and from the LAN zone.
Page 7
Top Level Commands
Command Description
Command Description
[no] arpt <IP address><MAC Add and remove arp entries for specified inter-
address> interface <lan|wan|dmz> face.
[perm] [pub]
GMS Configuration
[no] authentication-key <hex key> Sets the 32-hex or 40-hex authentication key
to communicate with the GMS server.
[no] nat-address <IP Address> Sets the public NAT IP address that the GMS
server resides behind.
[no] server <IP Address> Sets the real IP address of the GMS server.
syslog-port <uvalue|(default)> Sets the syslog server port of the GMS server.
Page 9
LAN Interface Configuration
Command Description
Command Description
Page 11
Command Description
Mode PPTP WAN [no] dynamic Sets the SonicWALL to obtain the
Interface IP address dynamically.
start
stop
Mode L2TP WAN [no] dynamic Sets the SonicWALL to obtain the
IP address dynamically.
start
stop
Page 13
Command Description
web-management http port <tcp port or Assigns the HTTP web manage-
'default'> ment port or reset to default.
Page 15
Command Description
Command Description
show tsr <all | av | cfl | dhcpc Displays to the console the contents of the
|dhcprelay | dhcps | dhcpsstat | TSR section named or all of the TSR.
ethernet | ha | ip-helper |
ipsec | l2tpclient | license |
log | management | network |
objects | policies | pppoe |
pptpclient | radius | snmp |
status | time | update | users |
wlb>
Command Description
web-management http port <tcp Assigns the HTTP web management port
port or 'default'> or reset to default.
web-management https port <tcp Assigns the HTTPS web management port
port or 'default'> or resets to default.
Page 17
Page 18 SonicWALL Command Line Interface Guide
SonicWALL, Inc.