1 Command Line Interface

In addition to the Local System Manager (LSM) and the Centralized Management Capability of the Security Management System (SMS), a Command-line Interface (CLI) can be used to configure and manage the NGFW Appliance. The CLI is accessed directly through the console or remotely through SSH. Non-secure connections, such as Telnet, are not permitted. For the initial set up, the "superuser" account is set for the appliance. Once that is set, you can login from the console and set the management port IP address. SSH and HTTPS are then accessible at the management port IP address.

NOTE: To access the most recent updates to the NGFW product documentation, go to http://www.hp.com/support/manuals.

This chapter covers the following topics:

Overview” on page 5

Command Modes” on page 7

Configuration File Versions” on page 9

Overview

This chapter covers the hierarchical structure of the CLI, the command line syntax, and an overview on how to edit, save and manage configuration files. Also provided, are a list of unix like utilities for monitoring and troubleshooting the system. The show command provides easy to read sections from log files. The display command displays sections of the running configuration file, or can be used to list a preview of your configuration file edits before making a commitment to save.

Access to the NGFW is through the console to initially configure management access. The management port is enabled by default for SSH and LSM management access. All access is determined by group membership and the management of their roles. To configure granular levels of access, the aaa (Authentication and Authorization and Auditing) context has the necessary utilities to modify users, groups, roles, and their capabilities.

Command Line Interface Syntax

The following syntax is used in the CLI.

Table 1-1Command Line Syntax

Syntax Convention

Explanation

 

 

UPPERCASE

Uppercase replaced by a value that you supply

 

 

(x)

Parentheses indicate a mandatory argument.

 

 

[x]

Brackets indicate an optional argument.

 

 

A vertical bar indicates a logical OR - such as alternatives within

 

parentheses or brackets.

 

 

Example:

NGFW{}traceroute ? (displays help information)

NGFW{}traceroute (A.B.C.DHOSTNAME) [from A.B.C.D] [mgmt]

In the above example, arguments for the Traceroute command must either use a IP address or the hostname. An optional argument can either be “from” a source IP address or the argument “mgmt”.

NGFW{}traceroute 198.162.0.1 from 198.162.0.2

NGFW{}traceroute 198.162.0.1 mgmt

NGFW Command Line Interface Reference

5

Page 12 Page 14
Page 13
Image 13
HP TippingPoint Next Generation Firewall manual Command Line Interface Syntax, Parentheses indicate a mandatory argument
Page 12 Page 14
Top Page Image Contents