Reference Guide
Classification: [Protected]
Contents
add ad-server
add address-range
add admin-access-ipv4-address
add administrator
add application
add application-group
add bridge
add group
add host
add interface
add interface-loopback
add internet-connection
add local-group
add local-user
add nat-rule
add network
add qos-rule
add server
add service-group
add service-icmp
add service-protocol
add service-tcp
add service-udp
add snmp
add static-route
add switch
connect security-management
delete ad-server
delete address-range
delete admin-access-ipv4-address
delete administrator
delete aggressive-aging
delete application
delete application-group
delete bridge
delete dns
delete group
delete host
delete interface
delete interface-loopback
delete internet-connection
delete internet-connections
delete local-group
delete local-user
delete nat-rule
delete proxy
delete qos-rule
delete radius-server
delete server
delete service-group
delete service-icmp
delete service-protocol
delete service-tcp
delete service-udp
delete snmp
delete static-route
delete static-routes
delete streaming-engine-settings
delete switch
delete ui-settings
delete vpn
delete wlan
find application
send cloud-report
set ad-server
set additional-hw-settings
set address-range
set admin-access
set administrator
set administrators
set aggressive-aging
set antispam
set application
set application-control
set application-group
set bridge
set cloud-deployment
set cloud-services
set date
set device-details
Parameters
Parameter                     Description
action                        The action taken when there is a match on the rule
                              Options: block, accept, ask, inform, block-inform
comment                       Description of the rule
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
destination                   Network object that is the target of the connection
destination-negate            If true, the destination is all traffic except what is defined in the
                              destination field
                              Type: Boolean (true/false)
disabled                      Indicates if the rule is disabled
                              Type: Boolean (true/false)
hours-range-enabled           If true, time is configured
                              Type: Boolean (true/false)
hours-range-from              Time in the format HH:MM
                              Type: A time format hh:mm
hours-range-to                Time in the format HH:MM
                              Type: A time format hh:mm
log                           Defines which logging method to use: None - do not log, Log - Create log,
                              Alert - log with alert, Account - account rule
                              Options: none, log, alert, account
name                          name
                              Type: A string of alphanumeric characters without space between them
position                      The order of the rule in comparison to other manual rules
                              Type: Decimal number
position-above                The order of the rule in comparison to other manual rules
                              Type: Decimal number
position-below                The order of the rule in comparison to other manual rules
                              Type: Decimal number
service                       The network service object that the rule should match to
service-negate                If true, the service is everything except what is defined in the
                              service field
                              Type: Boolean (true/false)
source                        Network object or user group that initiates the connection
source-negate                 If true, the source is all traffic except what is defined in the
                              source field
                              Type: Boolean (true/false)
vpn                           Indicates if traffic is matched on encrypted traffic only or all traffic
                              Type: Boolean (true/false)
Syntax add access-rule type outgoing [ action <action> ] [ log <log> ] [ source
<source> ] [ source-negate <source-negate> ] [ destination <destination>
] [ destination-negate <destination-negate> ] [ service <service> ] [
service-negate <service-negate> ] [ disabled <disabled> ] [ comment
<comment> ] [ hours-range-enabled { true hours-range-from <hours-range-from>
hours-range-to <hours-range-to> | false } ] [ { position <position> |
position-above <position-above> | position-below <position-below> } ] [
name <name> ] [ { [ application-name <application-name> ] | [ application-id
<application-id> ] } ] [ application-negate <application-negate>
] [ limit-application-download { true limit <limit> | false } ] [
limit-application-upload { true limit <limit> | false } ]
Parameters
Parameter                     Description
action                        The action taken when there is a match on the rule
                              Options: block, accept, ask, inform, block-inform
application-id                Applications or web sites that are accepted or blocked
application-name              Applications or web sites that are accepted or blocked
application-negate            If true, the rule accepts or blocks all applications but the selected
                              application
                              Type: Boolean (true/false)
comment                       Description of the rule
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
destination                   Network object that is the target of the connection
destination-negate            If true, the destination is all traffic except what is defined in the
                              destination field
                              Type: Boolean (true/false)
disabled                      Indicates if the rule is disabled
                              Type: Boolean (true/false)
hours-range-enabled           If true, time is configured
                              Type: Boolean (true/false)
hours-range-from              Time in the format HH:MM
                              Type: A time format hh:mm
hours-range-to                Time in the format HH:MM
                              Type: A time format hh:mm
limit                         Applications traffic upload limit (in kbps)
                              Type: A number with no fractional part (integer)
limit-application-download    If true, download is limited
                              Type: Boolean (true/false)
limit-application-upload      If true, upload is limited
                              Type: Boolean (true/false)
log                           Defines which logging method to use: None - do not log, Log - Create log,
                              Alert - log with alert, Account - account rule
                              Options: none, log, alert, account
name                          name
                              Type: A string of alphanumeric characters without space between them
position                      The order of the rule in comparison to other manual rules
                              Type: Decimal number
position-above                The order of the rule in comparison to other manual rules
                              Type: Decimal number
position-below                The order of the rule in comparison to other manual rules
                              Type: Decimal number
service                       The network service object that the rule should match to
service-negate                If true, the service is everything except what is defined in the
                              service field
                              Type: Boolean (true/false)
Example add access-rule type outgoing action block log none source TEXT
source-negate true destination TEXT destination-negate true service
TEXT service-negate true disabled true comment This is a comment.
hours-range-enabled true hours-range-from 23:20 hours-range-to 23:20
position 2 name word application-name hasOne application-negate true
limit-application-download true limit -1000000 limit-application-upload true
limit -1000000
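An added example, not part of the reference guide: a Python check that splits an `add access-rule type outgoing` command on the keywords from the Syntax above, validates each value against the documented Type/Options, and lists settings worth a second look in a rule review. The function names and review codes are this example's own; the review policy (unlogged matches, negated selectors, disabled rules, equal start and end times, non-positive limits) is an assumption of the example, and the keyword splitting assumes free text such as the comment contains no bare parameter keyword.

```python
import re

PREFIX = ["add", "access-rule", "type", "outgoing"]
BOOLEAN = re.compile(r"^(true|false)$")
CLOCK = re.compile(r"^([01]\d|2[0-3]):[0-5]\d$")   # "A time format hh:mm"
INTEGER = re.compile(r"^-?\d+$")                   # "no fractional part"
DECIMAL = re.compile(r"^-?\d+(\.\d+)?$")           # "Decimal number"
OBJECT = re.compile(r"^.+$")                       # object reference, no documented type


def one_of(*options):
    return re.compile("^(%s)$" % "|".join(re.escape(o) for o in options))


# Keyword -> value pattern, taken from the Syntax and Parameters above.
TYPES = {
    "action": one_of("block", "accept", "ask", "inform", "block-inform"),
    "log": one_of("none", "log", "alert", "account"),
    "source": OBJECT, "destination": OBJECT, "service": OBJECT,
    "application-name": OBJECT, "application-id": OBJECT,
    "source-negate": BOOLEAN, "destination-negate": BOOLEAN,
    "service-negate": BOOLEAN, "application-negate": BOOLEAN,
    "disabled": BOOLEAN, "hours-range-enabled": BOOLEAN,
    "limit-application-download": BOOLEAN, "limit-application-upload": BOOLEAN,
    "hours-range-from": CLOCK, "hours-range-to": CLOCK,
    "position": DECIMAL, "position-above": DECIMAL, "position-below": DECIMAL,
    "name": re.compile(r"^[A-Za-z0-9]+$"),
    "comment": re.compile(r"^.{1,256}$"),  # length only: "less than 257 characters"
    "limit": INTEGER,
}

# The guide's own Example for this command, joined onto one line.
EXAMPLE = (
    "add access-rule type outgoing action block log none source TEXT "
    "source-negate true destination TEXT destination-negate true service "
    "TEXT service-negate true disabled true comment This is a comment. "
    "hours-range-enabled true hours-range-from 23:20 hours-range-to 23:20 "
    "position 2 name word application-name hasOne application-negate true "
    "limit-application-download true limit -1000000 "
    "limit-application-upload true limit -1000000"
)


def parse_rule(line):
    """Split the command into {keyword: value}. The token right after a
    keyword is always its value (so 'log log' works); further tokens are
    appended until the next keyword, which keeps multi-word comments whole."""
    tokens = line.split()
    if tokens[:4] != PREFIX:
        raise ValueError("not an 'add access-rule type outgoing' command")
    params, i, parent = {}, 4, None
    while i < len(tokens):
        key = tokens[i]
        if key not in TYPES or i + 1 == len(tokens):
            raise ValueError("unexpected token or missing value at %r" % key)
        j = i + 2
        while j < len(tokens) and tokens[j] not in TYPES:
            j += 1
        value = " ".join(tokens[i + 1:j])
        if key == "limit":
            # 'limit' appears once per limit-application-* switch; keep both.
            if parent is None:
                raise ValueError("limit without limit-application-* before it")
            params[parent + " limit"] = value
        else:
            params[key] = value
            if key.startswith("limit-application-"):
                parent = key
        i = j
    return params


def audit_rule(line):
    """Return parsed params, keys whose value breaks the documented type,
    and review codes (this example's policy, not the vendor's)."""
    params = parse_rule(line)
    errors = [k for k, v in params.items() if not TYPES[k.split()[-1]].match(v)]
    review = []
    if params.get("log") == "none":
        review.append("log=none")
    for key, value in params.items():
        if key.endswith("-negate") and value == "true":
            review.append("negated:" + key)
    if params.get("disabled") == "true":
        review.append("disabled")
    start = params.get("hours-range-from")
    if (params.get("hours-range-enabled") == "true" and start is not None
            and start == params.get("hours-range-to")):
        review.append("window-start-equals-end")
    for key, value in params.items():
        if key.endswith(" limit") and INTEGER.match(value) and int(value) <= 0:
            review.append("non-positive-limit:" + key)
    return {"params": params, "errors": errors, "review": review}


if __name__ == "__main__":
    report = audit_rule(EXAMPLE)
    print("type errors:", report["errors"])
    for code in report["review"]:
        print("review:", code)
```

Run against the guide's generated Example, every value passes its documented type, yet the rule is disabled, unlogged, negates all four selectors and carries negative kbps limits, which is why generated sample values should not be pasted into a policy unchanged.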
add ad-server
Parameters
Parameter                     Description
branch-path                   The branch of the domain to be used
                              Type: An LDAP DN
domain                        Domain name
                              Type: Host name
ipv4-address                  Domain controller IP address
password                      The user’s password
                              Type: A string that contains alphanumeric and special characters
use-branch-path               Select only if you want to use only part of the user database defined
                              in the Active Directory
                              Type: Boolean (true/false)
user-dn                       FQDN of the user
                              Type: An LDAP DN
username                      A user name with administrator privileges to communicate with the
                              AD server
                              Type: A string that contains (0-9, a-z, - . @) up to 64 characters
                              without spaces
add address-range
add admin-access-ipv4-address
add admin-access-ipv4-address
Description Administrator access IP addresses
Syntax add admin-access-ipv4-address single-ipv4-address <single-ipv4-address>
Parameters
Parameter                     Description
single-ipv4-address           IP address
                              Type: IP address
add admin-access-ipv4-address
Description Administrator access IP addresses
Parameters
Parameter                     Description
mask-length                   Subnet mask length
                              Type: A string that contains numbers only
network-ipv4-address          IP address
                              Type: IP address
subnet-mask                   Subnet mask
                              Type: Subnet mask
add administrator
Parameters
Parameter                     Description
password-hash                 Virtual field used for calculating a hashed password
                              Type: An encrypted password
permission                    Indicates if the administrator has read-only permissions
                              Options: read-write, readonly
username                      Indicates the administrator user name
                              Type: A string that contains [A-Z], [0-9], and ’_’ characters
List of allowed IP addresses, email addresses (senders) and domains for Anti-Spam blade
Parameters
Parameter                     Description
ipv4-addr                     Anti-Spam allowed IP address
                              Type: IP address
List of blocked IP addresses, email addresses (senders) and domains for Anti-Spam blade
Parameters
Parameter                     Description
ipv4-addr                     Anti-Spam blocked IP address
                              Type: IP address
Parameters
Parameter                     Description
sender-or-domain              Anti-Spam blocked domain or sender
                              Type: A domain name or email address
add application
Parameters
Parameter                     Description
application-name              Application name
                              Type: URL
application-url               Contains the URLs related to this application
category                      The primary category for the application (the category which is the
                              most relevant)
regex-url                     Indicates if regular expressions are used instead of partial strings
                              Type: Boolean (true/false)
add application
Description Database of user-defined URLs
Parameters
Parameter Description
application-url Application URL
add application-group
Parameters
Parameter                     Description
name                          Application group name
                              Type: A string that begins with a letter and contains up to 32
                              alphanumeric (0-9, a-z, _ - . &) characters without spaces
Parameters
Parameter                     Description
name                          Bridge name
                              Type: A bridge name can be br0-9
add group
Parameters
Parameter                     Description
comments                      Comments and explanation about the Network Object group
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
member                        An association field to the contained network objects
name                          Network Object group name
                              Type: A string that begins with a letter and contains up to 32
                              alphanumeric (0-9, a-z, _ - .) characters without spaces
Example add group name myObject_17 comments This is a comment. member TEXT
add host
Parameters
Parameter                     Description
dhcp-exclude-ip-addr          Indicates if the object’s IP address(es) is excluded from internal
                              DHCP daemon
                              Type: Press TAB to see available options
dhcp-reserve-ip-addr-to-mac   Indicates if the IP address is reserved in internal DHCP daemon
                              Type: Press TAB to see available options
add interface
Local network
add interface
Description Local network
Parameters
Parameter                     Description
assignment                    The switch or bridge which the object belongs to
                              Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’
                              characters
vlan                          Enter a number that is the virtual identifier
                              Type: A number with no fractional part (integer)
add interface
Description Local network
Syntax add vpn tunnel <vpn tunnel> type { unnumbered peer <peer>
internet-connection <internet-connection> | numbered local <local> remote
<remote> peer <peer> }
Parameters
Parameter                     Description
internet-connection           The local interface for unnumbered VTI
local                         Enter the IP address of the interface
                              Type: IP address
Example add vpn tunnel -1000000 type unnumbered peer site17 internet-connection My
connection
add interface-loopback
Parameters
Parameter                     Description
ipv4-address                  Enter the IP address of the interface
                              Type: IP address
mask-length                   Represents the network’s mask length
                              Type: A string that contains numbers only
subnet-mask                   Enter the Subnet mask of the specified network
                              Type: A subnet mask, or 255.255.255.255
add internet-connection
Internet Connection
add internet-connection
Description Internet Connection
interface {
Parameters
Parameter                     Description
conn-test-timeout             Connection test timeout
                              Type: A number with no fractional part (integer)
default-gw                    WAN default gateway (in the advanced section of PPTP and L2TP)
                              Type: IP address
dns-primary                   First DNS server IP address
                              Type: IP address
dns-secondary                 Second DNS server IP address
                              Type: IP address
dns-tertiary                  Third DNS server IP address
                              Type: IP address
interface                     Interface name
                              Type: Press TAB to see available options
ipv4-address                  IP address field (for static IP and bridge settings)
                              Type: IP address
isVlan                        isVlan
                              Type: Boolean (true/false)
local-ipv4-address            Local tunnel IP address or Auto for automatic
                              Type: An IP address, or ’auto’
mask-length                   Subnet mask length
                              Type: A string that contains numbers only
add internet-connection
Description Internet Connection
Parameters
Parameter                     Description
apn                           APN (cellular modem settings)
                              Type: A string that contains [a-z], [0-9], ’-’ and ’.’ characters
conn-test-timeout             Connection test timeout
                              Type: A number with no fractional part (integer)
number                        Dialed number of the cellular modem settings
                              Type: A sequence of numbers and #,* characters
password                      Password for PPP connection or cellular modem settings
                              Type: internetPassword
password-hash                 The hash of the user password
                              Type: passwordHash
type                          Connection type
                              Type: Press TAB to see available options
username                      User name for PPP connection or cellular modem settings
                              Type: A string that contains all printable characters but a single or
                              double quote-like characters. Usually <username>@<ISP>
add local-group
Parameters
Parameter                     Description
comments                      Comments
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
name                          Local group name
                              Type: A string that begins with a letter and contains up to 32
                              alphanumeric (0-9, a-z, _ - .) characters without spaces
remote-access-on              Indicates if the users group has remote access permissions
                              Type: Boolean (true/false)
add local-user
Parameters
Parameter                     Description
comments                      Comments
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
expiration-date               Expiration date for a temporary user in format yyyy-mm-dd
                              Type: A date format yyyy-mm-dd
expiration-time               Expiration time for a temporary user in format HH:MM
                              Type: A time format hh:mm
is-temp-user                  Indicates if the user entry is temporary
                              Type: Boolean (true/false)
name                          User’s name in the local database
                              Type: A string that contains (0-9, a-z, - . @) up to 64 characters
                              without spaces
password                      User’s password in the local database
                              Type: A string that contains alphanumeric and special characters
add nat-rule
Parameters
Parameter                     Description
comment                       Comment for manual NAT rule
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
enable-arp-proxy              The gateway will reply to ARP requests sent to the original
                              destination’s IP address (Does not apply to IP ranges/networks)
                              Type: Boolean (true/false)
hide-sources                  Hide multiple sources behind the translated source addresses
                              Type: Boolean (true/false)
name                          name
                              Type: A string of alphanumeric characters without space between them
original-destination          Original destination of rule
original-service              Original service of rule
original-source               Original source of rule
position                      The order of the rule in comparison to other manual rules
                              Type: Decimal number
position-above                The order of the rule in comparison to other manual rules
                              Type: Decimal number
position-below                The order of the rule in comparison to other manual rules
                              Type: Decimal number
translated-destination        Translated destination of rule
translated-service            Translated service of rule
translated-source             Translated source of rule
Parameters
Parameter                     Description
export-format                 Export format
                              Options: Netflow_V9, Netflow_V5
ip                            IP address
                              Type: IP address
is-enabled                    Indicates if netflow is enabled
                              Type: Boolean (true/false)
port                          UDP port
                              Type: Port number
srcaddr                       Source IP address
                              Type: IP address
add network
Parameters
Parameter                     Description
mask-length                   Mask length
name                          Network Object name
                              Type: String
network-ipv4-address          Network address
subnet-mask                   IP mask used in the related network
add qos-rule
Parameters
Parameter                     Description
comment                       Description of the rule
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
destination                   Network object that is the target of the connection
diffserv-mark                 DiffServ Mark is a way to mark connections so a third party will
                              handle it. To use this option, your ISP or private WAN must support
                              DiffServ
                              Type: Boolean (true/false)
diffserv-mark-val             To mark packets that will be given priority on the public network
                              according to their DSCP, select DiffServ Mark (1-63) and select a
                              value. You can get the DSCP value from your ISP or private WAN
                              administrator
                              Type: A number with no fractional part (integer)
guarantee-bandwidth           If true, traffic guarantee is defined
                              Type: Boolean (true/false)
guarantee-percentage          Traffic guarantee percentage
                              Type: A number with no fractional part (integer)
hours-range-enabled           If true, time is configured
                              Type: Boolean (true/false)
hours-range-from              Time in the format HH:MM
                              Type: A time format hh:mm
hours-range-to                Time in the format HH:MM
                              Type: A time format hh:mm
limit-bandwidth               If true, traffic limit is defined
                              Type: Boolean (true/false)
limit-percentage              Traffic limit percentage
                              Type: A number with no fractional part (integer)
log                           Defines which logging method to use: None - do not log, Log - Create log
                              Options: none, log
low-latency-rule              The latency of the rule (low or normal)
                              Type: Press TAB to see available options
name                          name
                              Type: A string of alphanumeric characters without space between them
position                      The order of the rule in comparison to other manual rules
                              Type: Decimal number
position-above                The order of the rule in comparison to other manual rules
                              Type: Decimal number
position-below                The order of the rule in comparison to other manual rules
                              Type: Decimal number
service                       The network service object that the rule should match to
source                        Network object or user group that initiates the connection
vpn                           Indicates if traffic is matched on encrypted traffic only or all traffic
                              Type: Boolean (true/false)
weight                        Traffic weight, relative to the weights defined for other rules
                              Type: A number with no fractional part (integer)
Example add qos-rule source TEXT destination TEXT service TEXT low-latency-rule
normal limit-bandwidth true limit-percentage -1000000 guarantee-bandwidth
add server
Parameter                     Description
comments                      Comments
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
dhcp-exclude-ip-addr          Indicates if the internal DHCP service will not distribute the
                              configured IP address of this server/network object to anyone
                              Type: Press TAB to see available options
dhcp-reserve-ip-addr-to-mac   Indicates if the internal DHCP service will distribute the configured
                              IP address only to this server/network object according to its MAC
                              address
                              Type: Press TAB to see available options
dns-resolving                 Indicates if the name of the server/network object will be used as a
                              hostname for internal DNS service
                              Type: Boolean (true/false)
ipv4-address                  The beginning of the IP range
mac-addr                      MAC address of the server
                              Type: MAC address
name                          Server object name
                              Type: A string that begins with a letter and contains up to 32
                              alphanumeric (0-9, a-z, _ - .) characters without spaces
tcp-ports                     TCP ports for server of type ’other’
                              Type: Port range
tcpProtocol                   tcpProtocol
                              Type: Boolean (true/false)
udp-ports                     UDP ports for server of type ’other’
                              Type: Port range
udpProtocol                   udpProtocol
                              Type: Boolean (true/false)
Parameters
Parameter                     Description
comments                      Comments and explanation about the Service Group
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
member                        An association field for the contained services
name                          Service Group name
                              Type: A string that begins with a letter and contains up to 32
                              alphanumeric (0-9, a-z, _ - .) characters without spaces
Example add service-group name myObject_17 comments This is a comment. member TEXT
add service-icmp
Parameters
Parameter                     Description
comments                      Comments and explanation about the service
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
icmp-code                     ICMP code
                              Type: A number with no fractional part (integer)
icmp-type                     ICMP message type
                              Type: A number with no fractional part (integer)
name                          Service name
                              Type: String
Example add service-icmp name TEXT icmp-code -1000000 icmp-type -1000000 comments
This is a comment.
Output Failure shows an appropriate error message.
add service-protocol
add service-tcp
Parameters
Parameter                     Description
comments                      Comments and explanation about the service
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
name                          Service name
                              Type: String
port                          Destination ports (a comma separated list of ports/ranges)
                              Type: Port range
Example add service-tcp name TEXT port 8080-8090 comments This is a comment.
add service-udp
Parameters
Parameter                     Description
comments                      Comments and explanation about the service
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
name                          Service name
                              Type: String
port                          Destination ports (a comma separated list of ports/ranges)
                              Type: Port range
Example add service-udp name TEXT port 8080-8090 comments This is a comment.
add snmp
Configured destinations to receive traps sent by the SNMP agent. A trap is an SNMP agent’s way of notifying the
manager that something is wrong
add snmp
Description Configured destinations to receive traps sent by the SNMP agent. A trap is an SNMP agent’s way of
notifying the manager that something is wrong
Parameters
Parameter                     Description
community                     Community name of the receivers trap, public is default for version2
                              users
                              Type: A string of alphanumeric characters without space between them
traps-receiver                Receivers IP address that the trap associated with
                              Type: IP address
user                          SNMP version3 Defined users
version                       SNMP Version number, options are: v2 or v3
                              Type: Press TAB to see available options
add snmp
Description SNMP version3 user configuration options for: security level, authentication settings and passwords
Parameters
Parameter                     Description
auth-pass-phrase              Authentication password for the SNMP version3 user
                              Type: A string that contains alphanumeric and special characters
auth-pass-type                Authentication protocol type for the version3 user, options are: MD5
                              or SHA1
                              Options: MD5, SHA1
privacy-pass-phrase           Privacy password chosen by the version3 user in case privacy is set
                              Type: A string that contains alphanumeric and special characters
privacy-pass-type             Privacy protocol type for the version3 user, options are: AES or DES
                              Options: AES, DES
security-level                Indicates whether a privacy protocol was set for this version3 user
                              in the security level
                              Type: Boolean (true/false)
user                          version3 user name
                              Type: A string that contains (0-9, a-z, - . @) up to 64 characters
                              without spaces
add static-route
Parameters
Parameter                     Description
destination                   IP address and subnet length of the destination of the packet in the
                              format IP/subnet. e.g. 192.168.0.0/16
                              Type: An IP address with a mask length
metric                        Metric
                              Type: A number with no fractional part (integer)
service                       Route service name
                              Type: String
source                        IP address and subnet length of the source of the packet in the
                              format IP/subnet. e.g. 192.168.1.0/24
                              Type: An IP address with a mask length
add switch
Description Switch
Parameters
Parameter                     Description
name                          Name
                              Type: A switch name can be LAN[1-8]_Switch
Parameter                     Description
action                        Indicates the action when the file type is detected
                              Options: block, pass, scan
description                   The file description
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
extension                     File extension that represents this file type
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
Parameters
Parameter                     Description
action                        The action taken when there is a match on the rule
                              Options: ask, prevent, detect, inactive
comment                       Additional description for the exception
                              Type: A string that contains less than 257 characters, of this set:
                              0-9, a-z or , . - : () @
log                           The logging method used when there is a match on the rule: None - do
                              not log, Log - Create log, Alert - log with alert
                              Options: none, log, alert
name                          The name of the exception
                              Type: A string of alphanumeric characters without space between them
protection                    The blade to which the exception applies: Anti-Virus and Anti-Bot
                              (malware), Anti-Virus (antivirus) or Anti-Bot (antibot)
                              Options: any, any-ab, any-av
scope                         IP address, network object or user group that the exception applies to
Parameters
Parameter Description
Comment on the IPS Network exception
comment
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
destination Network object that is the target of the connection
If true, the destination is all traffic except what is defined in the destination field
destination-negate
Type: Boolean (true/false)
protection-name Indicates if the exception rule will be matched on all IPS protections or a specific one
service Type of network service that is under exception
If true, the service is everything except what is defined in the service field
service-negate
Type: Boolean (true/false)
source Network object or user group that initiates the connection
If true, the source is all traffic except what is defined in the source field
source-negate
Type: Boolean (true/false)
Parameters
Parameter Description
Comment on the IPS Network exception
comment
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
destination Network object that is the target of the connection
If true, the destination is all traffic except what is defined in the destination field
destination-negate
Type: Boolean (true/false)
protection-code Indicates if the exception rule will be matched on all IPS protections or a specific one
service Type of network service that is under exception
If true, the service is everything except what is defined in the service field
service-negate
Type: Boolean (true/false)
source Network object or user group that initiates the connection
If true, the source is all traffic except what is defined in the source field
source-negate
Type: Boolean (true/false)
Parameter Description
MD5 checksum of the file in the whitelist
md5
Type: MD5 checksum of a file. Contains only [a-f] and [0-9] characters and has an exact length of 32
Parameters
Parameter Description
URL
url
Type: URL
remote-site-link-selection {
Parameters
Parameter Description
Wireless network name (SSID)
ssid
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and space characters
connect security-management
Parameters
Parameter Description
The logs are sent to this address
addr
Type: An IP address or host name
Indicates if the management address used in the next manual fetch command will be saved and continuously used instead of the address downloaded in the policy
local-override-mgmt-addr
Type: Boolean (true/false)
Parameters
Parameter Description
name
name
Type: A string of alphanumeric characters without space between them
Parameter Description
The order of the rule in comparison to other manual rules
position
Type: Decimal number
Parameters
Parameter Description
The order of the rule in comparison to other manual rules
position
Type: Decimal number
Parameters
Parameter Description
name
name
Type: A string of alphanumeric characters without space between them
delete ad-server
Parameters
Parameter Description
Domain name
domain
Type: Host name
Parameters
Parameter Description
Network Object name
name
Type: String
delete admin-access-ipv4-address
Parameters
Parameter Description
IP address
ipv4-address
Type: IP address
delete administrator
Parameters
Parameter Description
Indicates the administrator user name
username
Type: A string that contains [A-Z], [0-9], and ’_’ characters
delete aggressive-aging
List of allowed IP addresses, email addresses (senders) and domains for Anti-Spam blade
Parameters
Parameter Description
Anti-Spam allowed domain or sender
sender-or-domain
Type: A domain name or email address
Parameters
Parameter Description
Anti-Spam allowed IP address
ipv4-addr
Type: IP address
List of blocked IP addresses, email addresses (senders) and domains for Anti-Spam blade
Parameters
Parameter Description
Anti-Spam blocked domain or sender
sender-or-domain
Type: A domain name or email address
Parameters
Parameter Description
Anti-Spam blocked IP address
ipv4-addr
Type: IP address
delete application
Description Database of user-defined URLs
Parameters
Parameter Description
The ID of the application
application-id
Type: A number with no fractional part (integer)
delete application
Description Database of user-defined URLs
Parameters
Parameter Description
Application name
application-name
Type: URL
delete application-group
delete application-group
Description User defined application group
Parameters
Parameter Description
Application group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - . &) characters without spaces
delete application-group
Description User defined application group
Parameters
Parameter Description
The ID of the application group
application-group-id
Type: A number with no fractional part (integer)
delete bridge
Parameters
Parameter Description
Bridge name
name
Type: A bridge name can be br0-9
Parameters
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
delete dns
Description Configure DNS and Domain settings for the device
Parameters
Parameter Description
Network Object group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
delete host
Parameters
Parameter Description
Network Object name
name
Type: String
delete interface
Parameters
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Parameters
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
delete internet-connection
Internet Connection
delete internet-connection
Description Internet Connection
Parameters
Parameter Description
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
delete internet-connection
Description Internet Connection
Parameters
Parameter Description
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
delete local-group
delete local-group
Description Local Users Group
Parameters
Parameter Description
Local group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
delete local-group
Description Local Users Group
delete local-user
Parameters
Parameter Description
User’s name in the local database
name
Type: A string that contains (0-9, a-z, - . @) up to 64 characters without spaces
delete local-user
Description Configure a local database of users
delete nat-rule
Parameters
Parameter Description
name
name
Type: A string of alphanumeric characters without space between them
Parameters
Parameter Description
The order of the rule in comparison to other manual rules
position
Type: Decimal number
Parameters
Parameter Description
IP address
ip
Type: IP address
UDP port
port
Type: Port number
delete network
Parameter Description
Network Object name
name
Type: String
delete proxy
Description Configure proxy settings for connecting with Check Point update and license servers
delete qos-rule
Description QoS rule base rule configuration
Parameters
Parameter Description
The order of the rule in comparison to other manual rules
idx
Type: Decimal number
delete qos-rule
Description QoS rule base rule configuration
Parameters
Parameter Description
name
name
Type: A string of alphanumeric characters without space between them
delete radius-server
Parameters
Parameter Description
Priority of the choose tab, can be primary or secondary
priority
Type: A number with no fractional part (integer)
Parameters
Parameter Description
Server object name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
delete service-group
Parameters
Parameter Description
Service Group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
delete service-icmp
Parameters
Parameter Description
Service name
name
Type: String
Parameters
Parameter Description
Service name
name
Type: String
delete service-tcp
Parameters
Parameter Description
Service name
name
Type: String
delete service-udp
Parameters
Parameter Description
Service name
name
Type: String
Configured destinations to receive traps sent by the SNMP agent, a trap is an SNMP agent’s way of notifying the
manager that something is wrong
delete snmp
Description Configured destinations to receive traps sent by the SNMP agent, a trap is an SNMP agent’s way of
notifying the manager that something is wrong
Parameters
Parameter Description
Receiver’s IP address that the trap is associated with
traps-receiver
Type: IP address
delete snmp
Description SNMP version3 user configuration options for: security level, authentication settings and passwords
Parameter Description
version3 user name
user
Type: A string that contains (0-9, a-z, - . @) up to 64 characters without spaces
delete snmp
Description SNMP general configuration options
delete static-route
Parameters
Parameter Description
id
id
Type: A number with no fractional part (integer)
delete static-routes
delete streaming-engine-settings
delete switch
Description Switch
Parameters
Parameter Description
Name
name
Type: A switch name can be LAN[1-8]_Switch
Parameters
Parameter Description
File extension that represents this file type
extension
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
Parameters
Parameter Description
The name of the exception
name
Type: A string of alphanumeric characters without space between them
Parameters
Parameter Description
The order of the rule in comparison to other rules
position
Type: Decimal number
Parameters
Parameter Description
The order of the rule in the rule base
position
Type: Decimal number
Parameters
Parameter Description
MD5 checksum of the file in the whitelist
md5
Type: MD5 checksum of a file. Contains only [a-f] and [0-9] characters and has an exact length of 32
Parameters
Parameter Description
URL
url
Type: URL
delete ui-settings
delete vpn
Parameters
Parameter Description
A number identifying the Virtual Tunnel Interface (VTI)
tunnel
Type: A number with no fractional part (integer)
Parameters
Parameter Description
Site name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
delete wlan
Parameters
Parameter Description
The name of the Virtual Access Point
vap
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
find application
Description Application
Syntax find application <application-name>
Parameters
Parameter Description
The name of the IPS topic
name
Type: A string of alphanumeric characters without space between them
reconnect cloud-services
send cloud-report
Parameters
Parameter Description
The report type
type
Options: top-last-hour, top-last-day, top-last-week, top-last-month, 3d
Parameters
Parameter Description
The action taken when there is a match on the rule
action
Options: block, accept, ask, inform, block-inform
Description of the rule
comment
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
destination Network object that is the target of the connection
If true, the destination is all traffic except what is defined in the destination field
destination-negate
Type: Boolean (true/false)
Indicates if the rule is disabled
disabled
Type: Boolean (true/false)
If true, time is configured
hours-range-enabled
Type: Boolean (true/false)
Time in the format HH:MM
hours-range-from
Type: A time format hh:mm
Time in the format HH:MM
hours-range-to
Type: A time format hh:mm
Defines which logging method to use: None - do not log, Log - Create log, Alert - log with alert, Account - account rule
log
Options: none, log, alert, account
name
name
Type: A string of alphanumeric characters without space between them
The order of the rule in comparison to other manual rules
position
Type: Decimal number
The order of the rule in comparison to other manual rules
position-above
Type: Decimal number
The order of the rule in comparison to other manual rules
position-below
Type: Decimal number
service The network service object that the rule should match to
If true, the service is everything except what is defined in the service field
service-negate
Type: Boolean (true/false)
source Network object or user group that initiates the connection
If true, the source is all traffic except what is defined in the source field
source-negate
Type: Boolean (true/false)
Indicates if traffic is matched on encrypted traffic only or all traffic
vpn
Type: Boolean (true/false)
Parameters
Parameter Description
The action taken when there is a match on the rule
action
Options: block, accept, ask, inform, block-inform
Description of the rule
comment
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
destination Network object that is the target of the connection
If true, the destination is all traffic except what is defined in the destination field
destination-negate
Type: Boolean (true/false)
Indicates if the rule is disabled
disabled
Type: Boolean (true/false)
If true, time is configured
hours-range-enabled
Type: Boolean (true/false)
Time in the format HH:MM
hours-range-from
Type: A time format hh:mm
Time in the format HH:MM
hours-range-to
Type: A time format hh:mm
Defines which logging method to use: None - do not log, Log - Create log, Alert - log with alert, Account - account rule
log
Options: none, log, alert, account
name
name
Type: A string of alphanumeric characters without space between them
The order of the rule in comparison to other manual rules
position
Type: Decimal number
The order of the rule in comparison to other manual rules
position-above
Type: Decimal number
The order of the rule in comparison to other manual rules
position-below
Type: Decimal number
service The network service object that the rule should match to
If true, the service is everything except what is defined in the service field
service-negate
Type: Boolean (true/false)
source Network object or user group that initiates the connection
If true, the source is all traffic except what is defined in the source field
source-negate
Type: Boolean (true/false)
Indicates if traffic is matched on encrypted traffic only or all traffic
vpn
Type: Boolean (true/false)
Example set access-rule type incoming-internal-and-vpn name word action block log
Parameters
Parameter Description
The action taken when there is a match on the rule
action
Options: block, accept, ask, inform, block-inform
application-id Applications or web sites that are accepted or blocked
application-name Applications or web sites that are accepted or blocked
If true, the rule accepts or blocks all applications but the selected application
application-negate
Type: Boolean (true/false)
Description of the rule
comment
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
destination Network object that is the target of the connection
If true, the destination is all traffic except what is defined in the destination field
destination-negate
Type: Boolean (true/false)
Indicates if the rule is disabled
disabled
Type: Boolean (true/false)
If true, time is configured
hours-range-enabled
Type: Boolean (true/false)
Time in the format HH:MM
hours-range-from
Type: A time format hh:mm
Time in the format HH:MM
hours-range-to
Type: A time format hh:mm
Applications traffic upload limit (in kbps)
limit
Type: A number with no fractional part (integer)
If true, download is limited
limit-application-download
Type: Boolean (true/false)
Example set access-rule type outgoing position 2 action block log none
source TEXT source-negate true destination TEXT destination-negate true
service TEXT service-negate true disabled true comment This is a comment.
hours-range-enabled true hours-range-from 23:20 hours-range-to 23:20
position 2 name word application-name hasOne application-negate true
limit-application-download true limit -1000000 limit-application-upload true
limit -1000000
Parameters
Parameter Description
The action taken when there is a match on the rule
action
Options: block, accept, ask, inform, block-inform
application-id Applications or web sites that are accepted or blocked
application-name Applications or web sites that are accepted or blocked
If true, the rule accepts or blocks all applications but the selected application
application-negate
Type: Boolean (true/false)
Example set access-rule type outgoing name word action block log none source
TEXT source-negate true destination TEXT destination-negate true service
TEXT service-negate true disabled true comment This is a comment.
hours-range-enabled true hours-range-from 23:20 hours-range-to 23:20
position 2 name word application-name hasOne application-negate true
limit-application-download true limit -1000000 limit-application-upload true
limit -1000000
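The parameter tables and the first `set access-rule type outgoing` example above can be turned into a pre-flight check that is run before a rule is entered on the appliance. The following is an added example, not part of the Check Point guide: the tokenizer, the SCHEMA table, the finding texts and the treatment of a negative limit as an error are assumptions of this sketch, and values are checked only against the Type and Options lines listed above.

```python
import re

def one_of(*allowed):
    return lambda v: v in allowed

def matches(pattern):
    rx = re.compile(pattern)
    return lambda v: rx.fullmatch(v) is not None

boolean = one_of("true", "false")
integer = matches(r"-?\d+")
decimal = matches(r"\d+(\.\d+)?")
hhmm = matches(r"([01]\d|2[0-3]):[0-5]\d")
alnum = matches(r"[0-9A-Za-z]+")
# Assumption: the documented comment set is case-insensitive and allows
# spaces, since the guide's own example comment uses both.
comment = matches(r"[0-9A-Za-z ,.\-:()@]{0,256}")
token = matches(r"\S+")  # object names; the guide gives no Type for these

# Parameter -> value check, from the Type/Options lines in the tables above.
SCHEMA = {
    "type": token, "source": token, "destination": token, "service": token,
    "application-name": token, "application-id": token,
    "action": one_of("block", "accept", "ask", "inform", "block-inform"),
    "log": one_of("none", "log", "alert", "account"),
    "name": alnum, "comment": comment,
    "position": decimal, "position-above": decimal, "position-below": decimal,
    "hours-range-from": hhmm, "hours-range-to": hhmm, "limit": integer,
    "source-negate": boolean, "destination-negate": boolean,
    "service-negate": boolean, "application-negate": boolean,
    "disabled": boolean, "vpn": boolean, "hours-range-enabled": boolean,
    "limit-application-download": boolean,
    "limit-application-upload": boolean,
}
NEGATE_KEYS = {k for k in SCHEMA if k.endswith("-negate")}

def parse_rule(command):
    """Split 'set access-rule key value ...' into ordered (key, value) pairs.

    A token starts a new parameter only if it is a known key and the current
    parameter already has a value, so 'log log' parses as log=log. A comment
    that contains a bare key word would still be split at that word.
    """
    tokens = command.split()
    if tokens[:2] != ["set", "access-rule"]:
        raise ValueError("not a set access-rule command")
    pairs, key, value = [], None, []
    for tok in tokens[2:]:
        if tok in SCHEMA and (key is None or value):
            if key is not None:
                pairs.append((key, " ".join(value)))
            key, value = tok, []
        elif key is None:
            raise ValueError(f"unexpected token {tok!r}")
        else:
            value.append(tok)
    if key is not None:
        pairs.append((key, " ".join(value)))
    return pairs

def lint_rule(command):
    """Return 'error: ...' and 'review: ...' findings for one rule command."""
    findings, seen = [], {}
    for key, value in parse_rule(command):
        if key in seen:
            findings.append(f"error: {key} given more than once")
        seen[key] = value
        if not SCHEMA[key](value):
            findings.append(f"error: {key} has invalid value {value!r}")
        elif key == "limit" and int(value) < 0:
            findings.append("error: limit is negative")  # sketch's own rule
        elif key in NEGATE_KEYS and value == "true":
            findings.append(f"review: {key} inverts the match")
    if seen.get("log") == "none":
        findings.append("review: log none leaves no record of matches")
    if seen.get("disabled") == "true":
        findings.append("review: rule is disabled")
    if (seen.get("hours-range-enabled") == "true"
            and "hours-range-from" in seen
            and seen["hours-range-from"] == seen.get("hours-range-to")):
        findings.append("review: hours-range-from equals hours-range-to")
    return findings

# The guide's own example, joined onto one line.
GUIDE_EXAMPLE = (
    "set access-rule type outgoing position 2 action block log none "
    "source TEXT source-negate true destination TEXT destination-negate true "
    "service TEXT service-negate true disabled true comment This is a comment. "
    "hours-range-enabled true hours-range-from 23:20 hours-range-to 23:20 "
    "position 2 name word application-name hasOne application-negate true "
    "limit-application-download true limit -1000000 "
    "limit-application-upload true limit -1000000")
# Constructed rule (not from the guide) that passes every check.
CLEAN_RULE = "set access-rule type outgoing name BlockP2P action block log log"

if __name__ == "__main__":
    for finding in lint_rule(GUIDE_EXAMPLE):
        print(finding)
```
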
set ad-server
Parameter Description
The branch of the domain to be used
branch-path
Type: An LDAP DN
Domain name
domain
Type: Host name
ipv4-address Domain controller IP address
The user’s password
password
Type: A string that contains alphanumeric and special characters
Select only if you want to use only part of the user database defined in the Active Directory
use-branch-path
Type: Boolean (true/false)
FQDN of the user
user-dn
Type: An LDAP DN
A user name with administrator privileges to communicate with the AD server
username
Type: A string that contains (0-9, a-z, - . @) up to 64 characters without spaces
set additional-hw-settings
Parameters
Parameter Description
Indicates the amount of time (in seconds) that you need to press and hold the factory defaults button on the back panel to restore to the factory defaults image
reset-timeout
Type: A number with no fractional part (integer)
set address-range
Parameters
Parameter Description
Indicates if the object’s IP address(es) is excluded from internal DHCP daemon
dhcp-exclude-ip-addr
Options: on, off
end-ipv4 The end of the IP range
set admin-access
Parameters
Parameter Description
Enable administrator access from the Internet (clear traffic from external interfaces)
access
Type: Boolean (true/false)
Administrator access permissions policy for source IP addresses
allowed-ipv4-addresses
Options: any, from-ip-list, any-except-internet
SSH Port
ssh-access-port
Type: Port number
Web Port (HTTPS)
web-access-port
Type: Port number
set administrator
set administrator
Description Configured administrator for the appliance
Syntax set administrator username <username> password
Parameters
Parameter Description
Indicates the administrator user name
username
Type: A string that contains [A-Z], [0-9], and ’_’ characters
set administrator
Description Configured administrator for the appliance
Parameters
Parameter Description
Virtual field used for calculating a hashed password
password-hash
Type: An encrypted password
Indicates if the administrator has read-only permissions
permission
Options: read-write, readonly
Indicates the administrator user name
username
Type: A string that contains [A-Z], [0-9], and ’_’ characters
set administrator
Description Configured administrator for the appliance
Parameters
Parameter Description
Virtual field used for calculating a hashed password
password-hash
Type: An encrypted password
Indicates if the administrator has read-only permissions
permission
Options: read-write, readonly
Indicates the administrator user name
username
Type: A string that contains [A-Z], [0-9], and ’_’ characters
Description Limit administrator login failure attempts before locking out for a defined period of time
Syntax set administrator session-settings [ lockout-enable <lockout-enable> ] [
max-lockout-attempts <max-lockout-attempts> ] [ lock-period <lock-period> ] [
inactivity-timeout <inactivity-timeout> ]
Parameter Description
Allowed web interface session idle time before automatic logout is executed (in minutes)
inactivity-timeout
Type: A number with no fractional part (integer)
Once locked out, the administrator will be unable to login for this long
lock-period
Type: A number with no fractional part (integer)
Limit administrators login failure attempts
lockout-enable
Options: on, off
The maximum number of consecutive login failure attempts before the administrator is locked out
max-lockout-attempts
Type: A number with no fractional part (integer)
set administrators
Parameters
Parameter Description
Administrators role
permission
Options: read-write, readonly
Administrators RADIUS authentication
radius-auth
Type: Boolean (true/false)
RADIUS groups for authentication. Example: RADIUS-group1, RADIUS-class2
radius-groups
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’, ’,’ and space characters
Use RADIUS groups for authentication
use-radius-groups
Type: Boolean (true/false)
set aggressive-aging
set aggressive-aging
Description Connections aggressive aging
Parameters
Parameter Description
Connection table percentage limit
connt-limit-high-watermark-pct
Type: A number with no fractional part (integer)
Memory consumption percentage limit
connt-mem-high-watermark-pct
Type: A number with no fractional part (integer)
Enable aggressive aging of connections
general
Type: Boolean (true/false)
ICMP connections reduced timeout
icmp-timeout
Type: A number with no fractional part (integer)
Enable reduced timeout for ICMP connections
icmp-timeout-enable
Type: Boolean (true/false)
Tracking options for aggressive aging
log
Options: log, none
Choose when aggressive aging timeouts are enforced
memory-conn-status
Options: both, connections, memory
Other IP protocols reduced timeout
other-timeout
Type: A number with no fractional part (integer)
Enable reduced timeout for non TCP/UDP/ICMP connections
other-timeout-enable
Type: Boolean (true/false)
Pending Data connections reduced timeout
pending-timeout
Type: A number with no fractional part (integer)
Enable reduced timeout for non TCP/UDP/ICMP connections
pending-timeout-enable
Type: Boolean (true/false)
TCP termination reduced timeout
tcp-end-timeout
Type: A number with no fractional part (integer)
Enable reduced timeout for TCP termination
tcp-end-timeout-enable
Type: Boolean (true/false)
TCP handshake reduced timeout
tcp-start-timeout
Type: A number with no fractional part (integer)
Enable reduced timeout for TCP handshake
tcp-start-timeout-enable
Type: Boolean (true/false)
TCP session reduced timeout
tcp-timeout
Type: A number with no fractional part (integer)
Enable reduced timeout for TCP session
tcp-timeout-enable
Type: Boolean (true/false)
UDP connections reduced timeout
udp-timeout
Type: A number with no fractional part (integer)
Enable reduced timeout for UDP connections
udp-timeout-enable
Type: Boolean (true/false)
set aggressive-aging
Description Connections aggressive aging
set antispam
set antispam
Description Policy for Anti-Spam blade
Parameters
Parameter Description
set antispam
Description Policy for Anti-Spam blade
Syntax set antispam advanced-settings allow-mail-track <allow-mail-track>
set application
Parameters
Parameter Description
Application name
application-name
Type: URL
url Application URL
set application
Description Database of user-defined URLs
Syntax set application application-name <application-name> remove url <url>
Parameters
Parameter Description
Application name
application-name
Type: URL
url Application URL
set application
Description Database of user-defined URLs
Parameters
Parameter Description
The ID of the application
application-id
Type: A number with no fractional part (integer)
url Application URL
Parameters
Parameter Description
The ID of the application
application-id
Type: A number with no fractional part (integer)
url Application URL
set application
Description Database of user-defined URLs
Parameters
Parameter Description
Application name
application-name
Type: URL
category Category name
set application
Description Database of user-defined URLs
Parameters
Parameter Description
Application name
application-name
Type: URL
category Category name
Parameters
Parameter Description
The ID of the application
application-id
Type: A number with no fractional part (integer)
category Category name
set application
Description Database of user-defined URLs
Parameters
Parameter Description
The ID of the application
application-id
Type: A number with no fractional part (integer)
category Category name
set application
Description Database of user-defined URLs
Parameters
Parameter Description
The ID of the application
application-id
Type: A number with no fractional part (integer)
The primary category for the application (the category which is the most relevant)
category
Indicates if regular expressions are used instead of partial strings
regex-url
Type: Boolean (true/false)
Parameters
Parameter Description
Application name
application-name
Type: URL
The primary category for the application (the category which is the most relevant)
category
Indicates if regular expressions are used instead of partial strings
regex-url
Type: Boolean (true/false)
set application-control
Parameters
Parameter Description
Block file sharing using torrents and peer-to-peer applications
block-file-sharing-applications
Type: Boolean (true/false)
Control content by blocking Internet access to websites with inappropriate content such as sex, violence, weapons, gambling, and alcohol
block-inappropriate-content
Type: Boolean (true/false)
Manually add and block applications or categories of URLs to a group of undesired applications
block-other-undesired-applications
Type: Boolean (true/false)
Block applications and URLs that can be a security risk and are categorized as spyware, phishing, botnet, spam, anonymizer, or hacking
block-security-categories
Type: Boolean (true/false)
Indicates if applications that use a lot of bandwidth are limited (also used for QoS)
limit-bandwidth
Type: Boolean (true/false)
If true, traffic for downloading is limited to the value in maxLimitedDownload
limit-download
Type: Boolean (true/false)
If true, traffic for uploading is limited to the value in maxLimitedDownload
limit-upload
Type: Boolean (true/false)
Applications & URLs mode - true for on, false for off
mode
Type: Boolean (true/false)
set application-group
set application-group
Description User defined application group
Parameter Description
application-name Application or group name
Application group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - . &) characters without spaces
set application-group
Description User defined application group
Parameter Description
application-name Application or group name
Application group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - . &) characters without spaces
Parameters
Parameter Description
application-id The ID of the application or the group
Application group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - . &) characters without spaces
set application-group
Description User defined application group
Syntax set application-group name <name> remove application-id <application-id>
Parameters
Parameter Description
application-id The ID of the application or the group
Application group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - . &) characters without spaces
set application-group
Description User defined application group
Parameters
Parameter Description
The ID of the application group
application-group-id
Type: A number with no fractional part (integer)
application-name Application or group name
Parameters
Parameter Description
The ID of the application group
application-group-id
Type: A number with no fractional part (integer)
application-name Application or group name
set application-group
Description User defined application group
Parameter Description
The ID of the application group
application-group-id
Type: A number with no fractional part (integer)
application-id The ID of the application or the group
set application-group
Description User defined application group
Parameters
Parameter Description
The ID of the application group
application-group-id
Type: A number with no fractional part (integer)
application-id The ID of the application or the group
set bridge
Description Bridge configured in the device
Parameters
Parameter Description
Bridge name
name
Type: A bridge name can be br0-9
Spanning Tree Protocol mode
stp
Options: on, off
set bridge
Description Bridge configured in the device
Parameters
Parameter Description
member Network name
Bridge name
name
Type: A bridge name can be br0-9
set bridge
Description Bridge configured in the device
Parameters
Parameter Description
member Network name
Bridge name
name
Type: A bridge name can be br0-9
Parameters
Parameter Description
The DNS or IP address through which the device will connect to the cloud service
cloud-url
Type: URL
Container
container
Type: String
The appliance name used to identify the gateway
gateway-name
Type: A string that contains [A-Z], [0-9] and ’-’ characters
Template
template
Type: String
set cloud-services
Cloud Services
set cloud-services
Description Cloud Services
Parameters
Parameter Description
A key received from the Cloud Services provider which is used to initialize the connection to the Cloud Services
activation-key
Type: String
Indicates if the service center URL is a trusted certificate
confirm-untrusted-certificate
Type: Boolean (true/false)
Gateway id (in the format <gateway name>.<portal name>). This is not needed if an activation-key was configured.
gateway-id
Type: A string of alphanumeric characters without space between them
Indicates if the device is managed by a cloud service
mode
Options: off, on
Registration key that acts as a password when connecting to the cloud service for the first time. This is not needed if an activation-key was configured.
registration-key
Type: A registration key
set cloud-services
Description Cloud Services
set date
Manual time
set date
Description Manual time
Parameters
Parameter Description
Date in the format YYYY-MM-DD
date
Type: A date format yyyy-mm-dd
set date
Description Manual time
Parameters
set date
Description Manual time
Parameters
Parameter Description
timezone Timezone location
set date
Description Manual time
Parameters
Parameter Description
Automatic adjustment clock for daylight saving changes flag
timezone-dst automatic
Options: on, off
set device-details
Parameter Description
The country where you are located. The country configured for the WLAN
country
Options: country
The appliance name used to identify the gateway.
hostname
Type: A string that contains [A-Z], [0-9] and ’-’ characters
Syntax set dhcp server interface <cliName> custom-option name <custom-option name>
type <type> tag <tag> data <data>
Parameters
Parameter Description
cliName
cliName
Type: virtual
Set the name of the object
custom-option name
Type: A string that contains alphanumeric characters or hyphen
Set the desired value of the object
data
Type: String
Select a unique tag for the object
tag
Type: A number with no fractional part (integer)
Select the appropriate type to store your object
type
Options: string, int8, int16, int32, uint8, uint16, uint32, boolean, ipv4-address, ipv4-address-array, hex-string
Example set dhcp server interface virtual custom-option name MyOption type string
tag -1000000 data TEXT
Parameters
Parameter Description
Use DHCP Server with a specified IP address range
dhcp
Options: off, on, relay
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Syntax set dhcp server interface <name> relay relay-to <relay relay-to> [ secondary
<secondary> ]
Parameters
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Enter the DHCP server IP address
relay relay-to
Type: IP address
Enter the secondary DHCP server IP address
secondary
Type: IP address
Example set dhcp server interface My_Network relay relay-to 192.168.1.1 secondary
192.168.1.1
Output Failure shows an appropriate error message.
Parameters
Parameter Description
DHCP range
include-ip-pool
Type: A range of IP addresses
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Parameters
Parameter Description
DHCP exclude range (IPv4 address range format)
exclude-ip-pool
Type: A range of IP addresses
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Parameters
Parameter Description
default-gateway A virtual field calculated by the values of the fields: dhcpGwMode & dhcpGw
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Parameters
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
wins-mode Configure the WINS Server
Syntax set dhcp server interface <name> wins primary <wins primary> [ secondary
<secondary> ]
Parameters
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
secondary Configure the IP address for the second WINS server
wins primary Configure the IP address for the first WINS server
Example set dhcp server interface My_Network wins primary 192.168.1.1 secondary
192.168.1.1
Output Failure shows an appropriate error message.
Parameters
Parameter Description
Configure the timeout in hours for a single device to retain a dynamically acquired IP address
lease-time
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Parameters
Parameter Description
domain The domain name of the DHCP
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Syntax set dhcp server interface <name> ntp <ntp> [ secondary <secondary> ]
Parameters
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
ntp Configure the first NTP (Network Time Protocol) server to be distributed to
DHCP client
secondary Configure the second NTP (Network Time Protocol) server to be distributed to
DHCP client
Example set dhcp server interface My_Network ntp 192.168.1.1 secondary 192.168.1.1
Parameters
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
tftp Configure TFTP server to be distributed to DHCP client
Parameters
Parameter Description
file Configure TFTP bootfile to be distributed to DHCP client
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Syntax set dhcp server interface <name> callmgr <callmgr> [ secondary <secondary> ]
Parameters
Parameter Description
callmgr Configure the first Call manager server to be distributed to DHCP client
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
secondary Configure the second Call manager server to be distributed to DHCP client
Parameters
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
xwin-display-mgr Configure X-Windows display manager to be distributed to DHCP client
Parameters
Parameter Description
avaya-voip Configure Avaya IP phone to be distributed to DHCP client
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Parameters
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
nortel-voip Configure Nortel IP phone to be distributed to DHCP client
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
thomson-voip Configure Thomson IP phone to be distributed to DHCP client
Parameters
Parameter Description
dns Configure the DNS Server
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Syntax set dhcp server interface <name> dns primary <dns primary>
Parameters
Parameter Description
dns primary Configure the IP address for the first DNS server
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Syntax set dhcp server interface <name> dns secondary <dns secondary>
Parameters
Parameter Description
dns secondary Configure the IP address for the second DNS server
Syntax set dhcp server interface <name> dns tertiary <dns tertiary>
Parameters
Parameter Description
dns tertiary Configure the IP address for the third DNS server
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Parameters
Parameter Description
custom-option Set the name of the object
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
set dhcp-relay
set dns
Description Configure DNS and Domain settings for the device
Parameters
Parameter Description
First global DNS IP address
primary ipv4-address
Type: IP address
Second global DNS IP address
secondary ipv4-address
Type: IP address
Third global DNS IP address
tertiary ipv4-address
Type: IP address
set dns
Description Configure DNS and Domain settings for the device
Parameters
Parameter Description
Status of appliance using global DNS servers
mode
Options: global, internet
set dns
Description Configure DNS and Domain settings for the device
Parameters
Parameter Description
Relay DNS requests from internal network clients to the DNS servers defined above
proxy
Type: Press TAB to see available options
set dns
Description Configure DNS and Domain settings for the device
Parameters
Parameter Description
Identification string that defines a realm of administrative autonomy, authority, or control in the Internet
domainname
Type: A FQDN
set dynamic-dns
set dynamic-dns
Description Configure a persistent domain name for the device
Parameters
Parameter Description
The domain name (sometimes called host name) within your account that the device will use
domain
Type: A FQDN
Is the DDNS service active
is-active
Type: Boolean (true/false)
The password of the account
password
Type: A string that contains alphanumeric and special characters
Select the DDNS provider that you have already set up an account with
provider
Options: no-ip.com, DynDns
The user name of the account
user
Type: DynDns provider: begins with a letter and has 2-25 alphanumeric characters. no-ip.com provider: length is 6-15 characters and contains only a-z, 0-9, -, _
set dynamic-dns
Description Configure a persistent domain name for the device
Parameters
Parameter Description
Is the DDNS service active
is-active
Type: Boolean (true/false)
set dynamic-dns
Description Configure a persistent domain name for the device
Parameter Description
The domain name (sometimes called host name) within your account that the device will use
domain
Type: A FQDN
The password of the account
password
Type: A string that contains alphanumeric and special characters
Select the DDNS provider that you have already set up an account with
provider
Options: no-ip.com, DynDns
The user name of the account
user
Type: DynDns provider: begins with a letter and has 2-25 alphanumeric characters. no-ip.com provider: length is 6-15 characters and contains only a-z, 0-9, -, _
set fw policy
Parameters
Parameter Description
mode Current mode for firewall policy
Indicates if accepted connections are logged
track-allowed-traffic
Options: none, log
Indicates if blocked connections are logged
track-blocked-traffic
Options: none, log
set fw policy
Description The activation modes for firewall
Parameters
Parameter Description
name Service or service group name
set fw policy
Description The activation modes for firewall
Parameters
Parameter Description
name Service or service group name
Description User Check is a customizable message shown to users upon match, and allows to ’ask’ the user for
the desired action
Parameters
Parameter Description
The informative text that appears in the APPI ’Accept’ user message
body
Type: A string that contains only printable characters
Indicates the action to take when an ’Accept’ user message cannot be displayed
fallback-action
Options: block, accept
Indicates how often the APPI ’Accept’ user message is presented to the same user
frequency
Options: day, week, month
The subject of an APPI ’Accept’ user message
subject
Type: A string that contains only printable characters
The title of an APPI ’Accept’ user message
title
Type: A string that contains only printable characters
Description User Check is a customizable message shown to users upon match, and allows to ’ask’ the user for
the desired action
Parameters
Parameter Description
The informative text that appears in the APPI ’Ask’ user message
body
Type: A string that contains only printable characters
This text appears next to the ’ignore warning’ checkbox of an APPI ’Ask’ user message
confirm-text
Type: A string that contains only printable characters
The action that is performed when the ’Ask’ message cannot be shown
fallback-action
Options: block, accept
Indicates how often the APPI ’Ask’ user message is presented to the same user
frequency
Options: day, week, month
Indicates if the user must enter a reason for ignoring this message in a designated text dialog
reason-displayed
Type: Boolean (true/false)
The subject of an APPI ’Ask’ user message
subject
Type: A string that contains only printable characters
The title of an APPI ’Ask’ user message
title
Type: A string that contains only printable characters
Description User Check is a customizable message shown to users upon match, and allows to ’ask’ the user for
the desired action
Parameter Description
The informative text that appears in the APPI ’Block’ user message
body
Type: A string that contains only printable characters
Indicates if the user will be redirected to a custom URL in case of a ’Block’ action
redirect-to-url
Type: Boolean (true/false)
Indicates the URL to redirect the user to in case of a ’Block’ action. Redirection happens only if this functionality is turned on
redirect-url
Type: urlWithHttp
The subject of an APPI ’Block’ user message
subject
Type: A string that contains only printable characters
The title of an APPI ’Block’ user message
title
Type: A string that contains only printable characters
set group
set group
Description Network Objects Group model
Parameters
Parameter Description
Comments and explanation about the Network Object group
comments
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
set group
Description Network Objects Group model
Parameters
Parameter Description
Network Object group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
set group
Description Network Objects Group model
Syntax set group <name> add member <member>
Parameters
Parameter Description
member Network Object name
Network Object group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
set group
Description Network Objects Group model
Syntax set group <name> remove member <member>
Parameters
set host
Parameters
Parameter Description
Indicates if the object’s IP address(es) is excluded from internal DHCP daemon
dhcp-exclude-ip-addr
Type: Press TAB to see available options
Indicates if the IP address is reserved in internal DHCP daemon
dhcp-reserve-ip-addr-to-mac
Type: Press TAB to see available options
Indicates if the name of the server/network object will be used as a hostname for internal DNS service
dns-resolving
Type: Boolean (true/false)
ipv4-address The beginning of the IP range
MAC address of the Network Object
mac-addr
Type: MAC address
Network Object name
name
Type: String
set hotspot
Hotspot settings
set hotspot
Description Hotspot settings
Syntax set hotspot [ require-auth <require-auth> ] [ auth-mode <auth-mode> ]
[ allowed-group <allowed-group> ] [ timeout <timeout> ] [ portal-title
<portal-title> ] [ portal-msg <portal-msg> ] [ show-terms-of-use
<show-terms-of-use> ] [ terms-of-use <terms-of-use> ]
Parameter Description
Indicates the specific user group that can authenticate through the hotspot when auth-mode is set to allow-specific-group
allowed-group
Type: A string of alphanumeric characters without space between them
Allow access to a specific user group only or all users
auth-mode
Options: allow-all, allow-specific-group
The message shown in hotspot portal
portal-msg
Type: A string that contains only printable characters
The title of the hotspot portal
portal-title
Type: A string that contains only printable characters
Indicates if user authentication is required
require-auth
Type: Boolean (true/false)
Indicates if a terms and conditions link will be shown in the hotspot portal
show-terms-of-use
Options: on, off
Indicates the When users will click the terms and conditions text shown in the hotspot portal
terms-of-use
Type: A string that contains only printable characters
Time, in minutes, until the hotspot session expires
timeout
Type: A number with no fractional part (integer)
set hotspot
Description Hotspot settings
Parameters
Parameter Description
exception Network object name
set hotspot
Description Hotspot settings
Parameters
Parameter Description
exception Network object name
set https-categorization
HTTPS categorization
set https-categorization
Description HTTPS categorization
Local network
set interface
Description Local network
Parameters
Parameter Description
Default gateway
default-gw
Type: IP address
First DNS server IP address
dns-primary
Type: IP address
Second DNS server IP address
dns-secondary
Type: IP address
Third DNS server IP address
dns-tertiary
Type: IP address
The IP address
ipv4-address
Type: IP address
Subnet mask length
mask-length
Type: A string that contains numbers only
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Subnet mask
subnet-mask
Type: Subnet mask
set interface
Description Local network
Parameters
Parameter Description
Enter the IP address of the interface
ipv4-address
Type: IP address
Represents the network’s mask length
mask-length
Type: A string that contains numbers only
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Enter the Subnet mask of the specified network
subnet-mask
Type: A subnet mask, or 255.255.255.255
set interface
Description Local network
Parameters
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
set interface
Description Local network
Parameters
Parameter Description
Enable this option in order to manually configure the link speed of the interface.
auto-negotiation
Options: on, off
Configure the link speed of the interface manually
link-speed
Options: 10/full, 10/half, 100/full, 100/half
Configure the Maximum Transmission Unit size for an interface
mtu
Type: A number with no fractional part (integer)
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
set interface
Description Local network
Parameters
Parameter Description
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
The mode of the network - enabled or disabled
state
Options: on, off
set interface
Description Local network
Parameters
Parameter Description
Description
description
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
set interface
Description Local network
Syntax set interface <name> [ lan-access <lan-access> ] [ lan-access-track
<lan-access-track> ]
Parameters
Parameter Description
Local networks will be accessible from this network once this option is enabled
lan-access
Options: block, accept
Traffic from this network to local networks will be logged once this option is enabled
lan-access-track
Options: none, log
Network name
name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
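An added example, not part of the reference guide: a small Python audit that replays `set interface <name> lan-access ...` and `set hotspot ...` lines, using the syntax and option values documented on this page, and reports combinations worth a second look. The sample lines, the review policy (flagging `accept` without `log`, a hotspot without authentication, a group-restricted hotspot with no group) and all function names are assumptions of the example.

```python
import shlex

# Allowed values copied from the parameter tables on this page.
OPTIONS = {
    "lan-access": {"block", "accept"},
    "lan-access-track": {"none", "log"},
    "auth-mode": {"allow-all", "allow-specific-group"},
    "require-auth": {"true", "false"},
    "show-terms-of-use": {"on", "off"},
}
INTERFACE_KEYS = {"lan-access", "lan-access-track"}
HOTSPOT_KEYS = {"require-auth", "auth-mode", "allowed-group", "timeout",
                "portal-title", "portal-msg", "show-terms-of-use", "terms-of-use"}

# Constructed sample input, not taken from a real appliance.
SAMPLE = """\
set interface LAN1 lan-access accept lan-access-track none
set interface LAN1 lan-access-track log
set interface DMZ lan-access accept
set interface Guest lan-access allow
set hotspot require-auth true auth-mode allow-specific-group timeout 60
set hotspot portal-title Welcome
set ntp local-time-zone x
"""


def parse_pairs(tokens):
    """Turn [key, value, key, value, ...] into a dict; a dangling key is an error."""
    if len(tokens) % 2:
        raise ValueError("parameter %r has no value" % tokens[-1])
    return dict(zip(tokens[0::2], tokens[1::2]))


def load_state(config_text):
    """Replay the 'set' lines in order; later lines override earlier ones."""
    interfaces, hotspot, errors = {}, {}, []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            # shlex keeps a quoted value as one token (quoting is an assumption).
            tokens = shlex.split(line)
            if (tokens[:2] == ["set", "interface"] and len(tokens) > 3
                    and tokens[3] in INTERFACE_KEYS):
                opts = parse_pairs(tokens[3:])
                target = interfaces.setdefault(tokens[2], {})
            elif (tokens[:2] == ["set", "hotspot"] and len(tokens) > 2
                    and tokens[2] in HOTSPOT_KEYS):
                opts = parse_pairs(tokens[2:])
                target = hotspot
            else:
                continue  # command form not covered by this audit
        except ValueError as exc:
            errors.append("line %d: %s" % (lineno, exc))
            continue
        for key, value in opts.items():
            allowed = OPTIONS.get(key)
            if allowed and value not in allowed:
                errors.append("line %d: %s=%s not in %s"
                              % (lineno, key, value, sorted(allowed)))
            else:
                target[key] = value
    return interfaces, hotspot, errors


def audit(config_text):
    """Return parse errors first, then interface findings, then hotspot findings."""
    interfaces, hotspot, findings = load_state(config_text)
    for name, cfg in sorted(interfaces.items()):
        # Local networks reachable from this network, but the traffic is not logged.
        if cfg.get("lan-access") == "accept" and cfg.get("lan-access-track") != "log":
            findings.append(
                "interface %s: lan-access accept without lan-access-track log" % name)
    if hotspot.get("require-auth") == "false":
        findings.append("hotspot: require-auth is false")
    # allowed-group only has meaning when auth-mode is allow-specific-group.
    if hotspot.get("auth-mode") == "allow-specific-group" and not hotspot.get("allowed-group"):
        findings.append("hotspot: auth-mode allow-specific-group but no allowed-group")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A setting that never appears in the audited text is treated as unknown, so an interface with `lan-access accept` and no `lan-access-track` line is reported as well.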
set internet
Description Traffic will be distributed automatically across the defined Internet connections according to the configured load balancing weights
Parameters
Parameter Description
The load balancing mode
lb-mode
Options: on, off
set internet-connection
Internet Connection
set internet-connection
Description Internet Connection
Parameters
Parameter Description
Disable auto negotiation and manually define negotiation link speed
auto-negotiation
Options: on, off
Encapsulation type for the ADSL connection
encapsulation
Options: llc, vcmux
Link speed
link-speed
Options: 100/full, 100/half, 10/full, 10/half
Default mac address wrapper
mac-addr
Type: A MAC address or ’default’
MTU size. Select ’default’ for default value.
mtu
Type: A string of alphanumeric characters without space between them
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
The ADSL standard to use
standard
Options: multimode, t1413, glite, gdmt, adsl2, adsl2+
VCI value for the ADSL connection
vci
Type: A number between 0 and 65535
VPI value for the ADSL connection
vpi
Type: A number between 0 and 4095
set internet-connection
Description Internet Connection
Parameters
Parameter Description
Holds the status of the connect on demand feature
connect-on-demand
Type: Boolean (true/false)
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
set internet-connection
Description Internet Connection
Parameters
Parameter Description
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
Connection enabled/disabled
state
Type: Boolean (true/false)
set internet-connection
Description Internet Connection
Parameters
Parameter Description
ISP download bandwidth
bandwidth
Type: A number with no fractional part (integer)
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
set internet-connection
Description Internet Connection
Parameters
Parameter Description
ISP upload bandwidth
bandwidth
Type: A number with no fractional part (integer)
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
Enable QoS(quality of service) restriction on outbound traffic(upload)
qos-upload
Type: Boolean (true/false)
set internet-connection
Description Internet Connection
Parameters
Parameter Description
Priority of the connection in HA
ha-priority
Type: A number with no fractional part (integer)
Internet connection weight for load balancing configuration
load-balancing-weight
Type: A number with no fractional part (integer)
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
set internet-connection
Description Internet Connection
Parameter Description
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
In order to route traffic through this connection you need to add specific routes through it
route-traffic-through-default-gateway
Type: Boolean (true/false)
set internet-connection
Description Internet Connection
Parameters
Parameter Description
WAN default gateway (in the advanced section of PPTP and L2TP)
default-gw
Type: IP address
First DNS server IP address
dns-primary
Type: IP address
Second DNS server IP address
dns-secondary
Type: IP address
Third DNS server IP address
dns-tertiary
Type: IP address
IP address field(for static ip and bridge settings)
ipv4-address
Type: IP address
Local tunnel IP address or Auto for automatic
local-ipv4-address
Type: An IP address, or ’auto’
Subnet mask length
mask-length
Type: A string that contains numbers only
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
Password for PPP connection or cellular modem settings
password
Type: internetPassword
The hash of the user password
password-hash
Type: passwordHash
set internet-connection
Description Internet Connection
Parameters
Parameter Description
Disconnect idle time
idle-time
Type: A number with no fractional part (integer)
Local tunnel IP address or Auto for automatic
local-ipv4-address
Type: An IP address, or ’auto’
Authentication method
method
Options: auto, pap, chap
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
Connection type
type
Type: Press TAB to see available options
set internet-connection
Description Internet Connection
Syntax set internet-connection <name> type { pppoa username <username> { password
<password> | password-hash <password-hash> } | eoa }
Parameters
set internet-connection
Description Internet Connection
Parameters
Parameter Description
WAN default gateway (in the advanced section of PPTP and L2TP)
default-gw
Type: IP address
Disconnect idle time
idle-time
Type: A number with no fractional part (integer)
Local tunnel IP address or Auto for automatic
local-ipv4-address
Type: An IP address, or ’auto’
Authentication method
method
Options: auto, pap, chap
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
Connection type
type
Type: Press TAB to see available options
Wan IP address wrapper
wan-ipv4-address
Type: An IP address, or ’auto’
WAN subnet mask length
wan-mask-length
Type: A string that contains numbers only
WAN subnet mask(in the advanced section)
wan-subnet-mask
Type: Subnet mask
set internet-connection
Description Internet Connection
Parameters
Parameter Description
APN (cellular modem settings)
apn
Type: A string that contains [a-z], [0-9], ’-’ and ’.’ characters
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
Dialed number of the cellular modem settings
number
Type: A sequence of numbers and #,* characters
Password for PPP connection or cellular modem settings
password
Type: internetPassword
The hash of the user password
password-hash
Type: passwordHash
Connection type
type
Type: Press TAB to see available options
User name for PPP connection or cellular modem settings
username
Type: A string that contains all printable characters but a single or double quote-like characters. Usually <username>@<ISP>
set internet-connection
Description Internet Connection
Parameters
Parameter Description
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
Automatically detect loss of connectivity to the default gateway
probe-next-hop
Type: Boolean (true/false)
Monitor connection state by sending probe packets to one or more servers on the Internet
probe-servers
Type: Boolean (true/false)
set internet-connection
Description Internet Connection
Parameter Description
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
Automatically detect loss of connectivity to the default gateway
probe-next-hop
Type: Boolean (true/false)
Connection probing method
probing-method
Options: icmp, dns
set internet-connection
Description Internet Connection
Parameters
Parameter Description
First IP address for the probing method(when using connection monitoring)
first
Type: An IP address or host name
Connection name
name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
Connection probing method
probing-method
Options: icmp, dns
Second IP address for the probing method(when using connection monitoring)
second
Type: An IP address or host name
Third IP address for the probing method(when using connection monitoring)
third
Type: An IP address or host name
set ip-fragments-params
IP fragments parameters
set ip-fragments-params
Description IP fragments parameters
Syntax set ip-fragments-params advanced-settings minsize <minsize>
Parameters There are no parameters
Example set ip-fragments-params advanced-settings minsize -1000000
Output Failure shows an appropriate error message.
Parameters
Parameter Description
Indicates how the appliance will track events where the bypass mechanism is activated/deactivated
bypass-track
Options: none, log, alert
Indicates if the IPS engine will move to bypass mode if the appliance is under heavy load
bypass-under-load
Type: Boolean (true/false)
Indicates if the IPS blade will protect internal networks only or protect all networks (including external networks)
protection-scope
Options: protect-internal-hosts-only, perform-ips-inspection-on-all-traffic
set local-group
Parameters
Parameter Description
Comments
comments
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
Local group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
Local group name
new-name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
Indicates if the users group has remote access permissions
remote-access-on
Type: Boolean (true/false)
Parameters
Parameter Description
Local group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
user-name User’s name in the local database
Parameters
Parameter Description
Local group name
name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
user-name User’s name in the local database
set local-user
Parameter Description
Comments
comments
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
Expiration date for a temporary user in format yyyy-mm-dd
expiration-date
Type: A date format yyyy-mm-dd
Expiration time for a temporary user in format HH:MM
expiration-time
Type: A time format hh:mm
Indicates if the user entry is temporary
is-temp-user
Type: Boolean (true/false)
User’s name in the local database
name
Type: A string that contains (0-9, a-z, - . @) up to 64 characters without spaces
User’s name in the local database
new-name
Type: A string that contains (0-9, a-z, - . @) up to 64 characters without spaces
User’s password in the local database
password
Type: A string that contains alphanumeric and special characters
User’s hashed password (used for importing database)
password-hash
Type: An encrypted password
Always enable remote access permission for user
remote-access-always-on
Type: Boolean (true/false)
set log-servers-configuration
Parameters
Parameter Description
Determine if an external log server is active
external-log-server-enable
Type: Boolean (true/false)
This IP address is used if the log server is not located on the Security Management Server.
log-server-ip-addr
Type: IP address
This IP address is used for establishing trusted communication between the Check Point Appliance and the log server.
mgmt-server-ip-addr
Type: IP address
SIC one time password
one-time-password
Type: A string that contains alphanumeric and special characters
Enter the SIC name of the log server object that was defined in SmartDashboard
sic-name
Type: A SIC name
set loginMessages
Description loginMessages
Parameters
Parameter Description
enabled
enabled
Type: Boolean (true/false)
message
message
Type: virtual
type
type
Options: motd, banner, caption
set nat
NAT global
set nat
Description NAT global
Parameters
Parameter Description
Hide internal networks behind the Gateway’s external IP address
hide-internal-networks
Type: Boolean (true/false)
set nat
Description NAT global
Syntax set nat advanced-settings nat-destination-client-side <nat-destination-client-side>
Parameters There are no parameters
Example set nat advanced-settings nat-destination-client-side true
set nat
Description NAT global
Syntax set nat advanced-settings nat-cache-num-entries <nat-cache-num-entries>
Parameters There are no parameters
Example set nat advanced-settings nat-cache-num-entries -1000000
Output Failure shows an appropriate error message.
set nat
Description NAT global
Syntax set nat advanced-settings nat-limit <nat-limit>
Parameters There are no parameters
Example set nat advanced-settings nat-limit -1000000
Output Failure shows an appropriate error message.
set nat
Description NAT global
Syntax set nat advanced-settings increase-hide-capacity <increase-hide-capacity>
Parameters There are no parameters
Example set nat advanced-settings increase-hide-capacity true
Output Failure shows an appropriate error message.
set nat
Description NAT global
Syntax set nat advanced-settings nat-cache-expiration <nat-cache-expiration>
Parameters There are no parameters
Example set nat advanced-settings nat-cache-expiration -1000000
Output Failure shows an appropriate error message.
set nat
Description NAT global
set nat-rule
Parameters
Parameter Description
Comment for manual NAT rule
comment
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
Indicates if rule is disabled
disabled
Type: Boolean (true/false)
The gateway will reply to ARP requests sent to the original destination’s IP address (Does not apply to IP ranges/networks)
enable-arp-proxy
Type: Boolean (true/false)
Parameters
Parameter Description
Comment for manual NAT rule
comment
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
Indicates if rule is disabled
disabled
Type: Boolean (true/false)
The gateway will reply to ARP requests sent to the original destination’s IP address (Does not apply to IP ranges/networks)
enable-arp-proxy
Type: Boolean (true/false)
Hide multiple sources behind the translated source addresses
hide-sources
Type: Boolean (true/false)
name
name
Type: A string of alphanumeric characters without space between them
original-destination Original destination of rule
original-service Original service of rule
original-source Original source of rule
Syntax set netflow collector for-ip <for-ip> for-port <for-port> [ ip <ip> ] [ port
<port> ] [ export-format <export-format> ] [ srcaddr <srcaddr> ] [ is-enabled
<is-enabled> ]
Parameters
Parameter Description
Export format
export-format
Options: Netflow_V9, Netflow_V5
IP address
for-ip
Type: IP address
UDP port
for-port
Type: Port number
IP address
ip
Type: IP address
Indicates if netflow is enabled
is-enabled
Type: Boolean (true/false)
UDP port
port
Type: Port number
Source IP address
srcaddr
Type: IP address
Example set netflow collector for-ip 192.168.1.1 for-port 8080 ip 192.168.1.1 port
8080 export-format Netflow_V9 srcaddr 192.168.1.1 is-enabled true
set network
Parameters
Parameter Description
mask-length Mask length
name Network Object name
Type: String
network-ipv4-address Network address
subnet-mask IP mask used in the related network
set ntp
NTP
set ntp
Description NTP
Syntax set ntp [ local-time-zone <local-time-zone> ] [ auto-adjust-daylight-saving
<auto-adjust-daylight-saving> ]
Parameters
Parameter Description
auto-adjust-daylight-saving Auto daylight
Options: on, off
local-time-zone Region on earth that has a uniform standard time
set ntp
Description NTP
Parameters
Parameter Description
active Region on earth that has a uniform standard time
Options: on, off
set ntp
Description NTP
Parameters
Parameter Description
interval Time interval (minutes) to update date and time settings from the NTP server
Type: A number with no fractional part (integer)
set ntp
Description NTP
Parameters
Parameter Description
auth Authentication with NTP servers flag
Type: Press TAB to see available options
secret Key string for authentication with the NTP servers
Type: A string that contains alphanumeric and special characters
secret-id Authentication key identifier
Type: A number with no fractional part. Values are between -4,503,599,627,370,495 to 4,503,599,627,370,495
NTP
Parameters
Parameter Description
secondary Secondary NTP server
Type: An IP address or host name
set proxy
Configure proxy settings for connecting with Check Point update and license servers
set proxy
Description Configure proxy settings for connecting with Check Point update and license servers
Parameters
Parameter Description
port The proxy port
Type: Port number
server The proxy Host name or IP address
Type: An IP address or host name
set proxy
Description Configure proxy settings for connecting with Check Point update and license servers
set qos
set qos
Description QoS blade basic configuration
Parameter Description
mode Indicates if QoS blade is enabled
Type: Boolean (true/false)
set qos
Description QoS blade basic configuration
Syntax set qos default-policy [ limit-bandwidth-consuming-applications { true [
limit-upload-traffic <limit-upload-traffic> ] [ upload-limit <upload-limit>
] [ limit-download-traffic <limit-download-traffic> ] [ download-limit
<download-limit> ] | false } ] [ guarantee-bandwidth-to-configured-traffic
<guarantee-bandwidth-to-configured-traffic> [ guarantee-bandwidth-percentage
<guarantee-bandwidth-percentage> ] [ guarantee-bandwidth-traffic
<guarantee-bandwidth-traffic> ] [ guarantee-bandwidth-on-services
<guarantee-bandwidth-on-services> ] ] [ ensure-low-latency-for-delay-sensitive-services
<ensure-low-latency-for-delay-sensitive-services> ]
Parameters There are no parameters
Example set qos default-policy limit-bandwidth-consuming-applications true
limit-upload-traffic true upload-limit -1000000 limit-download-traffic
true download-limit -1000000 guarantee-bandwidth-to-configured-traffic on
guarantee-bandwidth-percentage -1000000 guarantee-bandwidth-traffic vpn
guarantee-bandwidth-on-services all ensure-low-latency-for-delay-sensitive-services
on
Output Failure shows an appropriate error message.
set qos
Description QoS blade basic configuration
A group of services
Parameters
Parameter Description
service Service name
set qos-rule
set qos-rule
Description QoS rule base rule configuration
Syntax set qos-rule idx <idx> [ source <source> ] [ destination <destination>
] [ service <service> ] [ { [ low-latency-rule { normal [ limit-bandwidth
<limit-bandwidth> [ limit-percentage <limit-percentage> ] ] [
guarantee-bandwidth <guarantee-bandwidth> [ guarantee-percentage
Parameters
Parameter Description
comment Description of the rule
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
destination Network object that is the target of the connection
diffserv-mark DiffServ Mark is a way to mark connections so a third party will handle it. To use this option, your ISP or private WAN must support DiffServ
Type: Boolean (true/false)
diffserv-mark-val To mark packets that will be given priority on the public network according to their DSCP, select DiffServ Mark (1-63) and select a value. You can get the DSCP value from your ISP or private WAN administrator
Type: A number with no fractional part (integer)
disabled Indicates if rule is disabled
Type: Boolean (true/false)
guarantee-bandwidth If true, traffic guarantee is defined
Type: Boolean (true/false)
guarantee-percentage Traffic guarantee percentage
Type: A number with no fractional part (integer)
hours-range-enabled If true, time is configured
Type: Boolean (true/false)
hours-range-from Time in the format HH:MM
Type: A time format hh:mm
hours-range-to Time in the format HH:MM
Type: A time format hh:mm
idx The order of the rule in comparison to other manual rules
Type: Decimal number
limit-bandwidth If true, traffic limit is defined
Type: Boolean (true/false)
limit-percentage Traffic limit percentage
Type: A number with no fractional part (integer)
log Defines which logging method to use: None - do not log, Log - Create log
Options: none, log
low-latency-rule The latency of the rule (low or normal)
Type: Press TAB to see available options
name name
Type: A string of alphanumeric characters without space between them
position The order of the rule in comparison to other manual rules
Type: Decimal number
position-above The order of the rule in comparison to other manual rules
Type: Decimal number
position-below The order of the rule in comparison to other manual rules
Type: Decimal number
service The network service object that the rule should match to
source Network object or user group that initiates the connection
vpn Indicates if traffic is matched on encrypted traffic only or all traffic
Type: Boolean (true/false)
weight Traffic weight, relative to the weights defined for other rules
Type: A number with no fractional part (integer)
set qos-rule
Description QoS rule base rule configuration
Example set qos-rule name word source TEXT destination TEXT service TEXT
low-latency-rule normal limit-bandwidth true limit-percentage -1000000
guarantee-bandwidth true guarantee-percentage -1000000 weight -1000000
log none comment This is a comment. vpn true hours-range-enabled
true hours-range-from 23:20 hours-range-to 23:20 diffserv-mark true
diffserv-mark-val -1000000 name word position 2 disabled true
set radius-server
Parameters
Parameter Description
ipv4-address The IP address of the RADIUS server
Type: IP address
priority Priority of the choose tab, can be primary or secondary
Type: A number with no fractional part (integer)
shared-secret Pre-shared secret between the RADIUS server and the Appliance
Type: A string that contains alphanumeric and special characters
timeout A timeout value in seconds for communication with the RADIUS server
Type: A number with no fractional part (integer)
udp-port The port number through which the RADIUS server communicates with clients. The default is 1812
Type: A number with no fractional part (integer)
Reach My Device
set reach-my-device
Description Reach My Device
Parameters
Parameter Description
mode Reach my device mode - true for on, false for off
Type: Boolean (true/false)
set reach-my-device
Description Reach My Device
Parameters
Parameter Description
existing-host-name claimOccupiedName
Type: Boolean (true/false)
host-name Gateway Host name (DNS Prefix)
Type: A string of alphanumeric characters without space between them
set reach-my-device
Description Reach My Device
Syntax set reach-my-device advanced-settings ignore-ssl-cert <ignore-ssl-cert>
Parameters There are no parameters
Example set reach-my-device advanced-settings ignore-ssl-cert true
Output Failure shows an appropriate error message.
set reach-my-device
Description Reach My Device
Parameters
Parameter Description
radius-auth Remote users RADIUS authentication
Type: Boolean (true/false)
radius-groups RADIUS groups for authentication. Example: RADIUS-group1, RADIUS-class2
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’, ’,’ and space characters
use-radius-groups Use RADIUS groups for authentication
Type: Boolean (true/false)
set security-management
Parameters
Parameter Description
mode Indicates whether the appliance is managed locally or centrally using a Check Point management server
Options: locally-managed, centrally-managed
set serial-port
Serial port
Parameters
Parameter Description
disabled Indicates if the serial port is disabled
flow-control Indicates the method of data flow control to and from the serial port
mode Indicates if the serial port is used to connect to the appliance’s console, a remote telnet server or allow a remote telnet connection to the device connected to the serial port.
port-speed Indicates the port speed (Baud Rate) of the serial connection
set serial-port
Description Serial port
set serial-port
Description Serial port
Syntax set serial-port active-mode [ tcp-port <tcp-port> ] [ primary-server-address
<primary-server-address> ] [ secondary-server-address <secondary-server-address>
]
Parameter Description
access-zones Zones the server is accessible from by default (accept all by default, accept only from configured zones, or define no server-specific default access policy). Manual policy rules will override this policy.
Type: Press TAB to see available options
allow-ping-to-server Indicates if the default access policy will work on ICMP traffic as well as defined ports. This option will not work on multiple ports hidden behind the gateway.
Type: Boolean (true/false)
log-accepted-connections Indicates if connections that are accepted by the default access policy to the server are logged
Options: none, log
log-blocked-connections Indicates if connections that are blocked by the default access policy to the server are logged
Options: none, log
name Server object name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
trusted-zone-dmz Indicates if traffic from the DMZ network to the server is allowed or blocked by default
Options: blocked, allowed
trusted-zone-lan Indicates if traffic from Physical internal networks (LAN ports) to the server is allowed or blocked by default
Options: blocked, allowed
trusted-zone-trusted-wireless-networks Indicates if traffic from trusted wireless networks to the server is allowed or blocked by default
Options: blocked, allowed
trusted-zone-vpn-sites Indicates if encrypted traffic from remote VPN sites to the server is allowed or blocked by default
Options: blocked, allowed
trusted-zone-vpn-users Indicates if encrypted traffic from VPN remote access users to the server is allowed or blocked by default
Options: blocked, allowed
Parameters
Parameter Description
force-source-hide-nat Allow access from internal networks to the external IP address of the server via local switch
Type: Boolean (true/false)
name Server object name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
nat-settings Indicates the general NAT settings configured (no NAT, hide behind the gateway’s external IP address or use a different external IP address)
Type: Press TAB to see available options
port-address-translation For servers with a single port, indicates if the external port is not the same as the internal port.
Type: Boolean (true/false)
port-address-translation-external-port For servers with a single port, indicates the external port that is used to forward traffic to the server
Type: Port number
static-nat-for-outgoing-traffic Indicates if outgoing traffic from the server using static NAT will be hidden behind the configured external IP address without a port change
Type: Boolean (true/false)
static-nat-ipv4-address For servers using static NAT, the external IP address used to forward traffic to the server
Type: IP address
Parameters
Parameter Description
comments Comments
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
Parameters
Parameter Description
citrix-server Indicates a Citrix server (for each type we provide default but configurable ports)
custom-server Server type custom
dns-server Indicates a DNS server (for each type we provide default but configurable ports)
ftp-server Indicates a FTP server (for each type we provide default but configurable ports)
mail-server Indicates a mail server (for each type we provide default but configurable ports)
name Server object name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
set service-group
A group of services
set service-group
Description A group of services
Syntax set service-group <name> [ new-name <new-name> ] [ comments <comments> ]
Parameters
set service-group
Description A group of services
Parameters
Parameter Description
name Service Group name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
set service-group
Description A group of services
Parameters
Parameter Description
member Service name
name Service Group name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
set service-icmp
Parameters
Parameter Description
comments Comments and explanation about the service
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
icmp-code ICMP code
Type: A number with no fractional part (integer)
icmp-type ICMP message type
Type: A number with no fractional part (integer)
name Service name
Type: String
Example set service-icmp TEXT name TEXT icmp-code -1000000 icmp-type -1000000
comments This is a comment.
set service-protocol
Parameters
Parameter Description
accept-replies Specifies if service replies are to be accepted
set service-tcp
Parameters
Parameter Description
aggressive-aging-enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability
aggressive-aging-timeout Time (in seconds) before the aggressive aging times out
comments Comments and explanation about the service
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
delay-sync-interval Time (in seconds) after connection initiation to start synchronizing connections
name Service name
Type: String
port Destination ports (a comma separated list of ports/ranges)
Type: Port range
session-timeout Time (in seconds) before the session times out
Example set service-tcp TEXT name TEXT port 8080-8090 comments This is a
comment. session-timeout -1000000 sync-connections-on-cluster true
sync-delay-enable true delay-sync-interval -1000000 aggressive-aging-enable
true aggressive-aging-timeout -1000000 use-source-port false source-port 8080
set service-udp
Syntax set service-udp <name> [ name <name> ] [ port <port> ] [ comments <comments>
] [ session-timeout <session-timeout> ] [ accept-replies <accept-replies>
] [ sync-connections-on-cluster <sync-connections-on-cluster> ] [
aggressive-aging-enable <aggressive-aging-enable> ] [ aggressive-aging-timeout
<aggressive-aging-timeout> ]
Parameters
Parameter Description
accept-replies Specifies if service replies are to be accepted
aggressive-aging-enable Enable to manage the connections table capacity and memory consumption of the firewall to increase durability and stability
aggressive-aging-timeout Time (in seconds) before the aggressive aging times out
comments Comments and explanation about the service
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
name Service name
Type: String
port Destination ports (a comma separated list of ports/ranges)
Type: Port range
session-timeout Time (in seconds) before the session times out
sync-connections-on-cluster Enables state-synchronized High Availability or Load Sharing on a ClusterXL or OPSEC-certified cluster. Of the services allowed by the rule base, only those with synchronize connections on cluster will be synchronized as they pass through the cluster
Example set service-udp TEXT name TEXT port 8080-8090 comments This is a comment.
session-timeout -1000000 accept-replies true sync-connections-on-cluster true
aggressive-aging-enable true aggressive-aging-timeout -1000000
SNMP version3 user configuration options for: security level, authentication settings and passwords
set snmp
Description SNMP version3 user configuration options for: security level, authentication settings and passwords
Parameters
Parameter Description
auth-pass-phrase Authentication password for the SNMP version3 user
Type: A string that contains alphanumeric and special characters
auth-pass-type Authentication protocol type for the version3 user, options are: MD5 or SHA1
Options: MD5, SHA1
privacy-pass-phrase Privacy password chosen by the version3 user in case privacy is set
Type: A string that contains alphanumeric and special characters
privacy-pass-type Privacy protocol type for the version3 user, options are: AES or DES
Options: AES, DES
security-level Indicates whether a privacy protocol was set for this version3 user in the security level
Type: Boolean (true/false)
user version3 user name
Type: A string that contains (0-9, a-z, - . @) up to 64 characters without spaces
Example set snmp user admin security-level true auth-pass-type MD5 auth-pass-phrase a(^&7Ba privacy-pass-type AES privacy-pass-phrase a(^&7Ba
set snmp
Description SNMP general configuration options
Parameters
Parameter Description
agent Indicates if SNMP is enabled or disabled (disabled is the default)
Type: Boolean (true/false)
agent-version Indicates if the defined SNMP version is version3 only
Type: Boolean (true/false)
community Community name of the SNMP, public is the default
Type: A string of alphanumeric characters without space between them
contact System contact name, maximum length is 128
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
location System location name
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
Configure, enable or disable traps from the list, the enabled traps are sent to the trap receivers
Parameter Description
snmpTrapsEnable
snmpTrapsEnable
Type: Boolean (true/false)
Parameters
Parameter Description
enable Enable or disable whether a trap is sent for the specific event
Type: Boolean (true/false)
repetitions Repetitions on trap sending times between 0 - 10, optional field
Type: A number with no fractional part (integer)
repetitions-delay Wait time (in seconds) between sending each trap, optional field
Type: A number with no fractional part (integer)
severity Trap hazardous level, optional field, severity of the trap between 1 - 4
Type: A number with no fractional part (integer)
threshold The mathematical value associated with the thresholds
Type: A number with no fractional part (integer)
trap-name Trap event name
Options: trap-name
Parameters
Parameter Description
community Community name of the receivers trap, public is default for version2 users
Type: A string of alphanumeric characters without space between them
receiver Receiver's IP address that the trap is associated with
Type: IP address
user SNMP version3 Defined users
version SNMP Version number, options are: v2 or v3
Type: Press TAB to see available options
set static-route
Parameters
Parameter Description
destination IP address and subnet length of the destination of the packet in the format IP/subnet. e.g. 192.168.0.0/16
Type: An IP address with a mask length
disabled Is rule disabled
Type: Boolean (true/false)
id id
Type: A number with no fractional part (integer)
metric Metric
Type: A number with no fractional part (integer)
service Route service name
Type: String
source IP address and subnet length of the source of the packet in the format IP/subnet. e.g. 192.168.1.0/24
Type: An IP address with a mask length
set streaming-engine-settings
Description Streaming engine settings
Parameters
Parameter Description
tcp-block-out-of-win-mon-only TCP Out of Sequence activation mode
Options: prevent, detect
tcp-block-out-of-win-track TCP Out of Sequence tracking
Options: none, log, alert
tcp-block-retrans-err-mon-only TCP Invalid Retransmission activation mode
Options: prevent, detect
tcp-block-retrans-err-track TCP Invalid Retransmission tracking
Options: none, log, alert
tcp-block-syn-retrans-mon-only TCP SYN Modified Retransmission activation mode
Options: prevent, detect
tcp-block-syn-retrans-track TCP SYN Modified Retransmission tracking
Options: none, log, alert
tcp-block-urg-bit-mon-only TCP Urgent Data Enforcement activation mode
Options: prevent, detect
tcp-block-urg-bit-track TCP Urgent Data Enforcement tracking
Options: none, log, alert
tcp-hold-timeout-mon-only Stream Inspection Timeout activation mode
Options: prevent, detect
tcp-hold-timeout-track Stream Inspection Timeout tracking
Options: none, log, alert
tcp-invalid-checksum-mon-only TCP Invalid Checksum activation mode
Options: prevent, detect
tcp-invalid-checksum-track TCP Invalid Checksum tracking
Options: none, log, alert
set streaming-engine-settings
Description Streaming engine settings
set switch
Switch
Parameters
Parameter Description
name Name
Type: A switch name can be LAN[1-8]_Switch
port Name
set switch
Description Switch
Parameters
Parameter Description
name Name
Type: A switch name can be LAN[1-8]_Switch
port Name
Parameters
Parameter Description
malicious-activity Indicates if the action upon detecting malicious activity will be according to the policy settings or a manually configured specific action
Options: ask, prevent, detect, inactive, policy-action
reputation-domains Indicates if the action upon detecting attempted access to domains with a bad reputation will be according to the policy or a manually configured specific action
Options: ask, prevent, detect, inactive, policy-action
reputation-ips Indicates if the action upon detecting attempted access to IP addresses with a bad reputation will be according to the policy or a manually configured specific action
Options: ask, prevent, detect, inactive, policy-action
Parameters
Parameter Description
detect-mode Indicates if the Anti-Bot blade is set to ’Detect Only’ mode
Type: Boolean (true/false)
mode Indicates if the Anti-Bot blade is active
Type: Boolean (true/false)
Description User Check is a customizable message shown to users upon match, and allows to ’ask’ the user for
the desired action
Parameters
Parameter Description
activity-text This text appears next to the ’ignore warning’ checkbox of an Anti-Bot ’Ask’ user message
Type: A string that contains only printable characters
body The informative text that appears in the Anti-Bot ’Ask’ user message
Type: A string that contains only printable characters
fallback-action Indicates the action to take when an ’Ask’ user message cannot be displayed
Options: block, accept
frequency Indicates how often the Anti-Bot ’Ask’ user message is presented to the same user
Options: day, week, month
reason-displayed Indicates if the user must enter a reason for ignoring this message in a designated text dialog
Type: Boolean (true/false)
subject The subject of an Anti-Bot ’Ask’ user message
Type: A string that contains only printable characters
title The title of an Anti-Bot ’Ask’ user message
Type: A string that contains only printable characters
Description User Check is a customizable message shown to users upon match, and allows to ’ask’ the user for
the desired action
Parameters
Parameter Description
body The informative text that appears in the Anti-Bot ’Block’ user message
Type: A string that contains only printable characters
redirect-to-url Indicates if the user will be redirected to a custom URL in case of a ’Block’ action
Type: Boolean (true/false)
redirect-url Indicates the URL to redirect the user in case of a ’Block’ action if configured to do so. The URL to redirect the user in case of a ’Block’ action. Redirection happens only if this functionality is turned on
Type: urlWithHttp
Parameters
Parameter Description
urls-with-malware Indicates if the action upon detecting access to and from URLs with a bad reputation will be according to the policy or a manually configured specific action
Options: ask, prevent, detect, inactive, policy-action
viruses Indicates if the action upon detecting viruses will be according to the policy or a manually configured specific action
Options: ask, prevent, detect, inactive, policy-action
Parameters
Parameter Description
action Indicates the action when the file type is detected
Options: block, pass, scan
description The file description
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
extension File extension that represents this file type
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
Parameters
Parameter Description
detect-mode Indicates if the Anti-Virus blade is set to ’Detect Only’ mode
Type: Boolean (true/false)
file-types-policy Indicates the file types that are inspected by the Anti-Virus blade: malware (known to contain malware), all (all file types), specific (configured file families)
Options: malware, all-types, specific-families
interfaces Indicates the source zones for inspected incoming files: External, External and DMZ or all interfaces
Options: all, external, external-dmz
mode Indicates if the Anti-Virus blade is active
Type: Boolean (true/false)
protocol-ftp Indicates if Anti-Virus inspection will be performed on FTP traffic
Type: Boolean (true/false)
protocol-http Indicates if Anti-Virus inspection will be performed on all configured ports of HTTP traffic
Type: Boolean (true/false)
protocol-mail Indicates if Anti-Virus inspection will be performed on mail traffic (SMTP and POP3)
Type: Boolean (true/false)
scope Indicates the source of scanned files: Scan incoming files, or scan both incoming and outgoing files
Options: incoming, incoming-and-outgoing
Example set threat-prevention anti-virus policy mode true detect-mode true scope
incoming interfaces all protocol-http true protocol-mail true protocol-ftp
true file-types-policy malware
Description User Check is a customizable message shown to users upon match, and allows to ’ask’ the user for
the desired action
Parameters
Parameter Description
activity-text This text appears next to the ’ignore warning’ checkbox of an Anti-Virus ’Ask’ user message
Type: A string that contains only printable characters
body The informative text that appears in the Anti-Virus ’Ask’ user message
Type: A string that contains only printable characters
fallback-action Indicates the action to take when an ’Ask’ user message cannot be displayed
Options: block, accept
frequency Indicates how often the Anti-Virus ’Ask’ user message is presented to the same user
Options: day, week, month
reason-displayed Indicates if the user must enter a reason for ignoring this message in a designated text dialog
Type: Boolean (true/false)
subject The subject of an Anti-Virus ’Ask’ user message
Type: A string that contains only printable characters
title The title of an Anti-Virus ’Ask’ user message
Type: A string that contains only printable characters
Description User Check is a customizable message shown to users upon match, and allows to ’ask’ the user for
the desired action
Parameters
Parameter Description
body The informative text that appears in the Anti-Virus ’Block’ user message
Type: A string that contains only printable characters
redirect-to-url Indicates if the user will be redirected to a custom URL in case of a ’Block’ action
Type: Boolean (true/false)
redirect-url Indicates the URL to redirect the user in case of a ’Block’ action if configured to do so. The URL to redirect the user in case of a ’Block’ action. Redirection happens only if this functionality is turned on
Type: urlWithHttp
Parameters
Parameter Description
action The action taken when there is a match on the rule
Options: ask, prevent, detect, inactive
comment Additional description for the exception
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
log The logging method used when there is a match on the rule: None - do not log, Log - Create log, Alert - log with alert
Options: none, log, alert
name The name of the exception
Type: A string of alphanumeric characters without space between them
new-name The name of the exception
Type: A string of alphanumeric characters without space between them
protection The blade to which the exception applies: Anti-Virus and Anti-Bot (malware), Anti-Virus (antivirus) or Anti-Bot (antibot)
Options: any, any-ab, any-av
scope IP address, network object or user group that the exception applies to
Example set threat-prevention exception name word comment This is a comment. scope
TEXT protection any action ask log none new-name word
Output Failure shows an appropriate error message.
Parameters
Parameter Description
client-protections Indicates if Client protections are active by default
Type: Boolean (true/false)
disable-by-confidence-level Indicates if protections will be deactivated if their confidence level is below or equal configured level
Type: Boolean (true/false)
disable-by-performance-impact Indicates if protections will be deactivated if their performance impact is above or equal configured level
Type: Boolean (true/false)
disable-by-severity Indicates if protections will be deactivated if their severity is below or equal configured level
Type: Boolean (true/false)
disable-confidence-level-below-or-equal If configured, protections will be deactivated according to this confidence level
Options: Low, Medium-low, Medium, Medium-high, High
Parameters
Parameter Description
comment Comment on the IPS Network exception
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
destination Network object that is the target of the connection
destination-negate If true, the destination is all traffic except what is defined in the destination field
Type: Boolean (true/false)
position The order of the rule in the rule base
Type: Decimal number
protection-code Indicates if the exception rule will be matched on all IPS protections or a specific one
service Type of network service that is under exception
service-negate If true, the service is everything except what is defined in the service field
Type: Boolean (true/false)
source Network object or user group that initiates the connection
source-negate If true, the service is everything except what is defined in the service field
Type: Boolean (true/false)
Parameters
Parameter Description
comment Comment on the IPS Network exception
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
destination Network object that is the target of the connection
destination-negate If true, the destination is all traffic except what is defined in the destination field
Type: Boolean (true/false)
position The order of the rule in the rule base
Type: Decimal number
protection-name Indicates if the exception rule will be matched on all IPS protections or a specific one
service Type of network service that is under exception
service-negate If true, the service is everything except what is defined in the service field
Type: Boolean (true/false)
source Network object or user group that initiates the connection
source-negate If true, the service is everything except what is defined in the service field
Type: Boolean (true/false)
Parameters
Parameter Description
default-policy The type of policy used for IPS - strict, typical or custom
detect-mode Indicates if the default policy of IPS is to only log events and not block them
Type: Boolean (true/false)
Example set threat-prevention ips policy mode true log none default-policy word detect-mode true
Parameters
Parameter Description
action Indicates the manually configured action for this protection
protection-code The IPS topic the override belongs to. Every override belongs to a single topic
Type: A number with no fractional part. Values are between -4,503,599,627,370,495 to 4,503,599,627,370,495
track Indicates the manually configured tracking option for this protection
Parameters
Parameter Description
action Indicates the manually configured action for this protection
protection-name The name of the IPS topic
Type: A string of alphanumeric characters without space between them
track Indicates the manually configured tracking option for this protection
Parameters
Parameter Description
override-policy-action Indicates if the action upon detection will be according to the general IPS policy or manually configured for this protection
Type: Boolean (true/false)
protection-code The IPS topic the override belongs to. Every override belongs to a single topic
Type: A number with no fractional part. Values are between -4,503,599,627,370,495 to 4,503,599,627,370,495
Parameter Description
override-policy-action Indicates if the action upon detection will be according to the general IPS policy or manually configured for this protection
Type: Boolean (true/false)
protection-name The name of the IPS topic
Type: A string of alphanumeric characters without space between them
Parameters
Parameter Description
high-confidence Indicates the default action for Threat Prevention protections with a high confidence level
Options: ask, prevent, detect, inactive
low-confidence Indicates the default action for Threat Prevention protections with a low confidence level
Options: ask, prevent, detect, inactive
medium-confidence Indicates the default action for Threat Prevention protections with a medium confidence level
Options: ask, prevent, detect, inactive
performance-impact Indicates the allowed performance impact of active Threat Prevention protections by default
Options: low, medium, high
track Tracking options for Threat Prevention protections: None - do not log, Log - Create log, Alert - log with alert
Options: none, log, alert
set ui-settings
set ui-settings
Description Web Interface Settings and Customizations
Parameters
Parameter Description
custom-webui-logo-url Clicking the company logo in the web interface opens this URL
Type: urlWithHttp
use-custom-webui-logo The company logo is displayed on the appliance’s web interface and on its login page. The customized logo should follow the size restrictions in order to be displayed properly.
Type: Boolean (true/false)
set ui-settings
Description Web Interface Settings and Customizations
Uses the internet probing (if probing is enabled) to automatically detect and fix 3G/4G internet connectivity problems
set usb-modem-watchdog
Description Uses the internet probing (if probing is enabled) to automatically detect and fix 3G/4G internet connectivity problems
set usb-modem-watchdog
Description Uses the internet probing (if probing is enabled) to automatically detect and fix 3G/4G internet connectivity problems
set user-awareness
set user-awareness
Description User awareness configuration table
Parameters
Parameter Description
ad-queries-mode Indicates if user awareness seamlessly queries the AD (Active Directory) servers to get user information
Type: Boolean (true/false)
browser-based-authentication-mode Indicates if user awareness uses a portal to identify locally defined users or as a backup to other identification methods
Type: Boolean (true/false)
mode User awareness mode - true for on, false for off
Type: Boolean (true/false)
set user-awareness
Description User awareness configuration table
set user-awareness
Description User awareness configuration table
Syntax set user-awareness advanced-settings assume-single-user <assume-single-user>
Parameters
Parameter Description
agreement-text The conditions shown to the users to agree to
Type: A string that contains only printable characters
block-unauthenticated-non-web-traffic When true, users using non-HTTP traffic are forced to log in first through Browser-Based Authentication
Type: Boolean (true/false)
Parameter Description
net-obj Network object name
Parameters
Parameter Description
net-obj Network object name
set vpn
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
aggressive-mode-DH-group Determine the strength of the key when aggressive mode is enabled
set vpn
Description Configure remote VPN sites
Syntax set vpn site <site> add remote-site-enc-dom-network-obj <remote-site-enc-dom-network-ob
Parameter Description
remote-site-enc-dom-network-obj Network Object name
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
remote-site-enc-dom-network-obj Network Object name
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
remote-site-enc-dom-network-obj Network Object name
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
Parameters
Parameter Description
link-selection-multiple-addrs addr IP address
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Syntax set vpn site <site> remove-all link-selection-multiple-addrs addr <link-selection-multiple-addrs addr>
Parameters
Parameter Description
link-selection-multiple-addrs addr IP address
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
link-selection-multiple-addrs addr IP address
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
custom-enc-phase1-enc Encryption algorithm preferences for phase1 in the VPN encryption algorithm, which sets the base for phase2
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
custom-enc-phase1-enc Encryption algorithm preferences for phase1 in the VPN encryption algorithm, which sets the base for phase2
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
custom-enc-phase1-enc Encryption algorithm preferences for phase1 in the VPN encryption algorithm, which sets the base for phase2
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
custom-enc-phase1-auth Authentication algorithm used for encryption validation
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
custom-enc-phase1-auth Authentication algorithm used for encryption validation
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameters
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
custom-enc-phase1-dh-group VPN Diffie-Hellman key exchange encryption level
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameter Description
custom-enc-phase1-dh-group VPN Diffie-Hellman key exchange encryption level
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
custom-enc-phase1-dh-group VPN Diffie-Hellman key exchange encryption level
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Syntax set vpn site <site> add custom-enc-phase2-enc <custom-enc-phase2-enc>
Parameters
Parameter Description
custom-enc-phase2-enc Encryption algorithm preferences for phase2 in the VPN encryption algorithm
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
custom-enc-phase2-enc Encryption algorithm preferences for phase2 in the VPN encryption algorithm
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
Parameters
Parameter Description
custom-enc-phase2-enc Encryption algorithm preferences for phase2 in the VPN encryption algorithm
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
custom-enc-phase2-auth Authentication algorithm used for encryption validation
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Configure remote VPN sites
Parameters
Parameter Description
custom-enc-phase2-auth Authentication algorithm used for encryption validation
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
Parameters
Parameter Description
custom-enc-phase2-auth Authentication algorithm used for encryption validation
site Site name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
set vpn
Description Local network
Parameters
Parameter Description
internet-connection The local interface for unnumbered VTI
local Enter the IP address of the interface
Type: IP address
peer Remote peer name as defined in the VPN community. You must define the two peers in the VPN community before you can define the VTI. The Peer ID is an alpha-numeric character string.
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
remote Defines the remote peer IPv4 address, used at the peer gateway’s point-to-point virtual interface (numbered VTI only)
Type: IP address
tunnel A number identifying the Virtual Tunnel Interface (VTI)
Type: A number with no fractional part (integer)
type The type of VTI: Numbered VTI that uses specified, static IPv4 addresses for local and remote connections, or unnumbered VTI that uses the interface and the remote peer name to get addresses
Type: Press TAB to see available options
Example set vpn tunnel -1000000 type unnumbered peer site17 internet-connection My connection
Parameters
Parameter Description
default-access-to-lan Allow traffic from Remote Access clients (by default)
Options: block, accept
l2tp-pre-shared-key L2TP Pre-Shared Key
Type: A string of alphanumeric characters without space between them
l2tp-vpn-client Enable VPN remote access clients to connect via native VPN client (L2TP)
Type: Boolean (true/false)
mobile-client Enable VPN remote access mobile clients to connect via Check Point Mobile VPN client
Type: Boolean (true/false)
mode Enable VPN Remote Access
Type: Boolean (true/false)
sslvpn-client Enable VPN remote access clients to connect via SSL VPN
Type: Boolean (true/false)
track Log traffic from Remote Access clients (by default)
Options: none, log
Example set vpn remote-access default-access-to-lan block mode true track none mobile-client true sslvpn-client true l2tp-vpn-client true l2tp-pre-shared-key word
Output Failure shows an appropriate error message.
Parameters
Parameter Description
default-route-through-this-gateway Indicates if Internet traffic from connected clients will be routed first through this gateway
Type: Boolean (true/false)
dns-domain-mode Indicates if remote access clients use the domain name configured under DNS network settings of the device, or a manually configured domain name
Type: Boolean (true/false)
dns-primary Configure manually office mode first DNS
Type: IP address
dns-secondary Configure manually office mode second DNS
Type: IP address
dns-tertiary Configure manually office mode third DNS
Type: IP address
domain-name Manual configuration of the domain used by remote access clients
Type: A FQDN
enc-dom Indicates if the encryption domain for remote access clients is calculated automatically or manually configured
Options: manual, auto
om-network-ip Office Mode - Allocate IP addresses from the following network
Type: Network address
om-subnet-mask Subnet for allocating IP addresses of incoming remote access connections (Office Mode)
Type: Subnet mask
use-this-gateway-as-dns-server Indicates if the remote access clients will use this gateway as a DNS server. Applicable only when encryption domain is calculated automatically
Type: Boolean (true/false)
Syntax set vpn remote-access advanced enc-dom-obj manual add name <name>
Parameters
Parameter Description
name Network Object name
Example set vpn remote-access advanced enc-dom-obj manual add name TEXT
Syntax set vpn remote-access advanced enc-dom-obj manual remove name <name>
Parameters
Parameter Description
name Network Object name
Example set vpn remote-access advanced enc-dom-obj manual remove name TEXT
VPN Global
Parameter Description
default-access-to-lan Allow traffic from remote sites (by default)
Options: block, accept
local-encryption-domain Indicates if the local encryption domain is configured manually or determined automatically using the local networks
Options: auto, manual
manual-source-ip-address A manually configured source IP address to be used (if configured to) for VPN tunnels
Type: IP address
mode Indicates whether or not VPN site to site is active
Type: Boolean (true/false)
outgoing-interface-selection Indicates the method according to which the outgoing interface selection for VPN traffic is chosen
Options: routing-table, route-based-probing
sourceIpSelection sourceIpSelection
Options: automatically, manually
track The default Logging setting for traffic from remote sites
Options: none, log
VPN Global
Parameters
Parameter Description
name Network Object name
Parameters
Parameter Description
name Network Object name
set wlan
set wlan
Description Virtual Access Point
Parameters
Parameter Description
mode The mode of the Virtual Access Point
Options: on, off
set wlan
Description Virtual Access Point
Parameters
Parameter Description
set wlan
Description Virtual Access Point
Parameter Description
security-type Security Type
Options: none, WEP, WPA2, WPA/WPA2
set wlan
Description Virtual Access Point
set wlan
Description Virtual Access Point
Parameters
Parameter Description
hotspot The Hotspot of the Virtual Access Point
Options: on, off
wpa-auth-type Wireless protected access authentication
Type: Press TAB to see available options
Parameters
Parameter Description
wpa-encryption-type Wireless protected access encryption type
Options: Auto, CCMP-AES, TKIP
set wlan
Description Virtual Access Point
Parameters
Parameter Description
assignment The network assigned to the virtual access point
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
set wlan
Description Virtual Access Point
set wlan
Description Virtual Access Point
Parameters
Parameter Description
mode The mode of the Virtual Access Point
Options: on, off
vap The name of the Virtual Access Point
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
set wlan
Description Virtual Access Point
Parameters
Parameter Description
ssid Wireless network name (SSID)
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and space characters
vap The name of the Virtual Access Point
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
set wlan
Description Virtual Access Point
Parameters
Parameter Description
security-type Security Type
Options: none, WEP, WPA2, WPA/WPA2
vap The name of the Virtual Access Point
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
set wlan
Description Virtual Access Point
Syntax set wlan vap <vap> wpa-auth-type password <password> [ hotspot <hotspot > ]
Parameters
Parameter Description
vap The name of the Virtual Access Point
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Syntax set wlan vap <vap> wpa-auth-type { radius [ hotspot <hotspot > ] }
Parameters
Parameter Description
hotspot The Hotspot of the Virtual Access Point
Options: on, off
vap The name of the Virtual Access Point
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
wpa-auth-type Wireless protected access authentication
Type: Press TAB to see available options
set wlan
Description Virtual Access Point
Parameter Description
vap The name of the Virtual Access Point
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
wpa-encryption-type Wireless protected access encryption type
Options: Auto, CCMP-AES, TKIP
set wlan
Description Virtual Access Point
Parameters
Parameter Description
assignment The network assigned to the virtual access point
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
vap The name of the Virtual Access Point
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Parameters
Parameter Description
vap The name of the Virtual Access Point
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Wireless networks
Parameters
Parameter Description
channel Channel
Options: auto, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
channel-width Channel width
Options: auto, 20
country Country
Options: country
operation-mode Operation mode
Options: 11b, 11g, 11bg, 11n, 11ng
transmitter-power Controls the range of the wireless access point. Lower power can help reduce interference to nearby access points
Options: minimum, eighth, quarter, half, full
Example set wlan radio country albania operation-mode 11b channel auto channel-width auto transmitter-power minimum
Parameters
Parameter Description
mode Wireless radio mode
Options: off, on
Access rule
Parameters
Parameter Description
position The order of a manual rule in comparison to other manual rules
Type: Decimal number
Parameters
Parameter Description
name name
Type: A string of alphanumeric characters without space between them
position The order of a manual rule in comparison to other manual rules
Type: Decimal number
Access rule
Parameters
Parameter Description
name name
Type: A string of alphanumeric characters without space between them
position The order of a manual rule in comparison to other manual rules
Type: Decimal number
Parameters
Parameter Description
position The order of a manual rule in comparison to other manual rules
Type: Decimal number
Parameters
Parameter Description
position The order of a manual rule in comparison to other manual rules
Type: Decimal number
Parameters
Parameter Description
position The order of a manual rule in comparison to other manual rules
Type: Decimal number
Parameters
Parameter Description
domain Domain name
Type: Host name
show ad-servers
show additional-hw-settings
show address-range
Parameters
Parameter Description
name Network Object name
Type: String
show address-ranges
show admin-access
show admin-access-ipv4-addresses
show administrator
Parameters
Parameter Description
username Indicates the administrator user name
Type: A string that contains [A-Z], [0-9], and ’_’ characters
Description Limit administrators login failure attempts before locking out for a defined period of time
show administrators
show aggressive-aging
Description Connections aggressive aging
Syntax show aggressive-aging
Parameters There are no parameters
Example show aggressive-aging
Output Failure shows an appropriate error message.
show aggressive-aging
Description Connections aggressive aging
Syntax show aggressive-aging advanced-settings
Parameters There are no parameters
Example show aggressive-aging advanced-settings
Output Failure shows an appropriate error message.
show antispam
show antispam
Description Policy for Anti-Spam blade
Syntax show antispam
Parameters There are no parameters
Example show antispam
Output Failure shows an appropriate error message.
show antispam
Description Policy for Anti-Spam blade
Syntax show antispam advanced-settings
Parameters There are no parameters
Example show antispam advanced-settings
Output Failure shows an appropriate error message.
Description List of allowed IP addresses, email addresses (senders) and domains for Anti-Spam blade
Description List of blocked IP addresses, email addresses (senders) and domains for Anti-Spam blade
show application
Application
show application
Description Application
Syntax show application application-name <application-name>
Parameters
Parameter Description
application-name Application or group name
Type: String
show application
Description Application
Parameters
show application-control
show application-group
show application-group
Description User defined application group
Parameters
Parameter Description
application-group-id The ID of the application group
Type: A number with no fractional part (integer)
Parameters
Parameter Description
name Application group name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - . &) characters without spaces
show application-groups
show applications
Description Application
show bridge
Parameters
Parameter Description
name Bridge name
Type: A bridge name can be br0-9
show bridges
show cloud-deployment
show cloud-services
show date
Manual time
show date
Description Manual time
show date
Description Manual time
show date
Description Manual time
show device-details
Local network
Parameters
Parameter Description
name Network name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
Parameters
Parameter Description
name Network name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
show dns
show dns
Description Configure DNS and Domain settings for the device
show dns
Description Configure DNS and Domain settings for the device
show dns
Description Configure DNS and Domain settings for the device
show fw policy
show fw policy
Description Default policy for firewall blade
show fw policy
Description User Check is a customizable message shown to users upon match, and allows to ’ask’ the user for the desired action
Parameters
Parameter Description
user-check Activity message type
Type: Press TAB to see available options
show group
show groups
show host
Parameters
Parameter Description
name Network Object name
Type: String
show hosts
Hotspot settings
show hotspot
Description Hotspot settings
show hotspot
Description Hotspot settings
show https-categorization
show interface
Parameters
Parameter Description
name Network name
Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
show interfaces
show internet
Description Traffic will be distributed automatically across the defined Internet connections according to the configured load balancing weights
show internet-connection
Internet Connection
show internet-connection
Description Internet Connection
Parameters
Parameter Description
name Connection name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
show internet-connection
Description Internet Connection
Parameters
Parameter Description
name Connection name
Type: A string that contains [A-Z], [0-9], ’-’, ’@’, ’.’, ’_’ and space characters
show internet-connections
show ip-fragments-params
show local-group
Parameters
Parameter Description
name Local group name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
show local-groups
show local-user
Parameters
Parameter Description
name User’s name in the local database
Type: A string that contains (0-9, a-z, - . @) up to 64 characters without spaces
show local-users
show log-servers-configuration
show loginMessages
loginMessages
show loginMessages
Description loginMessages
Parameters
Parameter Description
type type
Options: motd, banner, caption
show loginMessages
Description loginMessages
Parameters
Parameter Description
type type
Options: motd, banner, caption
show nat
NAT global
show nat
Description NAT global
show nat
Description NAT global
show nat-rule
Parameters
Parameter Description
name name
Type: A string of alphanumeric characters without space between them
position The order of the rule in comparison to other manual rules
Type: Decimal number
Parameters
Parameter Description
position The order of the rule in comparison to other manual rules
Type: Decimal number
show nat-rules
Parameters
Parameter Description
position The order of the rule in comparison to other manual rules
Type: Decimal number
Parameters
Parameter Description
ip IP address
Type: IP address
port UDP port
Type: Port number
show network
Parameters
Parameter Description
name Network Object name
Type: String
show networks
show ntp
Description NTP
Syntax show ntp
Parameters There are no parameters
Example show ntp
Output Failure shows an appropriate error message.
Description NTP
Description NTP
show proxy
Description Configure proxy settings for connecting with Check Point update and license servers
show qos
show qos
Description QoS blade basic configuration
show qos-rule
show qos-rule
Description QoS rule base rule configuration
Parameters
Parameter Description
idx The order of the rule in comparison to other manual rules
Type: Decimal number
position The order of the rule in comparison to other manual rules
Type: Decimal number
show qos-rule
Description QoS rule base rule configuration
Parameters
Parameter Description
name name
Type: A string of alphanumeric characters without space between them
position The order of the rule in comparison to other manual rules
Type: Decimal number
show qos-rules
Parameters
Parameter Description
position The order of the rule in the rule base
Type: Decimal number
show radius-server
Parameters
Parameter Description
priority Priority of the choose tab, can be primary or secondary
Type: A number with no fractional part (integer)
show reach-my-device
Reach My Device
show reach-my-device
Description Reach My Device
show reach-my-device
Description Reach My Device
show serial-port
show server
Parameter Description
name Server object name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
show servers
Parameters
Parameter Description
name Service Group name
Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ - .) characters without spaces
show service-groups
show service-icmp
Parameters
Parameter Description
name Service name
Type: String
show service-protocol
show service-tcp
Parameters
Parameter Description
name Service name
Type: String
show service-udp
Parameters
Parameter Description
name Service name
Type: String
show services-icmp
show services-tcp
show services-udp
show snmp
SNMP version3 user configuration options for: security level, authentication settings and passwords
show snmp
Description SNMP version3 user configuration options for: security level, authentication settings and passwords
Parameters
Parameter Description
user version3 user name
Type: A string that contains (0-9, a-z, - . @) up to 64 characters without spaces
show snmp
Description SNMP general configuration options
show snmp
Description SNMP general configuration options
show snmp
Description SNMP general configuration options
show snmp
Description SNMP general configuration options
Description Configure, enable or disable traps from the list, the enabled traps are sent to the trap receivers
Description Configured destinations to receive traps sent by the SNMP agent, a trap is an SNMP agent’s way of notifying the manager that something is wrong
Description SNMP version3 user configuration options for: security level, authentication settings and passwords
show snmp-general-all
show static-routes
show streaming-engine-settings
show streaming-engine-settings
Description Streaming engine settings
show switch
Switch
show switch
Description Switch
Parameters
Parameter Description
name Name
Type: A switch name can be LAN[1-8]_Switch
show switch
Description Switch
Parameters
Parameter Description
name Name
Type: A switch name can be LAN[1-8]_Switch
show switches
Description Switch
Syntax show switches
Parameters There are no parameters
Example show switches
Output Failure shows an appropriate error message.
Description User Check is a customizable message shown to users upon match, and allows to ’ask’ the user for the desired action
Description User Check is a customizable message shown to users upon match, and allows to ’ask’ the user for the desired action
Parameters
Parameter Description
extension File extension that represents this file type
Type: A string that contains less than 257 characters, of this set: 0-9, a-z or , . - : () @
Description User Check is a customizable message shown to users upon match, and allows to ’ask’ the user for the desired action
Syntax show threat-prevention anti-virus user-check ask
Parameters There are no parameters
Example show threat-prevention anti-virus user-check ask
Output Failure shows an appropriate error message.
Description User Check is a customizable message shown to users upon a match, and makes it possible to ’ask’ the user for the desired action
Parameters
Parameter Description
name The name of the exception. Type: A string of alphanumeric characters without space between them
position The order of the rule in comparison to other rules. Type: Decimal number
Parameters
Parameter Description
position The order of the rule in comparison to other rules. Type: Decimal number
Description Configure exception rules to bypass IPS protections for specific traffic
Parameters
Parameter Description
position The order of the rule in the rule base. Type: Decimal number
Parameters
Parameter Description
protection-code The IPS topic the override belongs to. Every override belongs to a single topic. Type: A number with no fractional part. Values are between -4,503,599,627,370,495 and 4,503,599,627,370,495
Parameters
Parameter Description
protection-name The name of the IPS topic. Type: A string of alphanumeric characters without space between them
show threat-prevention-advanced
show ui-settings
show ui-settings
Description Web Interface Settings and Customizations
Syntax show ui-settings
Description Uses internet probing (if probing is enabled) to automatically detect and fix 3G/4G internet connectivity problems
show user-awareness
show user-awareness
Description User awareness configuration table
show vpn
Description Configure remote VPN sites
Parameters
Parameter Description
site Site name. Type: A string that begins with a letter and contains up to 32 alphanumeric (0-9, a-z, _ -) characters without spaces
show vpn
Description Local network
Parameters
Parameter Description
tunnel A number identifying the Virtual Tunnel Interface (VTI). Type: A number with no fractional part (integer)
VPN Global
show wlan
show wlan
Description Virtual Access Point
Syntax show wlan vap <vap>
Parameters
Parameter Description
vap The name of the Virtual Access Point. Type: A string that contains [A-Z], [0-9], ’_’, ’.’, ’-’ and ’/’ characters
show wlan
Description Virtual Access Point
Syntax show wlan
Parameters There are no parameters
Example show wlan
Wireless networks
update security-blades