General Command Structure in Configuration Mode

CLI commands have the following structure:

<action> <level> <filter> <configuration_info>

where:

<action> is the action to be performed;

<level> is the configuration level corresponding to the NGFW web interface section;

<filter> is the identifier of the object being accessed; and

<configuration_info> is the set of parameter values to be applied to the <filter> object.

Name

Description

<action>

The following actions are available in the configuration mode:

  • execute: execute commands not related to UserGate configuration (ping, date, traceroute, etc.). The command is available regardless of the configuration level (<level>).

  • set: edit all objects and enable various parameters, e.g. radmin.

  • end: go one level up.

  • show: display the current values. You can use this at any configuration level. Displays everything below the current level.

  • edit: go to a specific configuration level. The configuration level is displayed under the command line.

  • top: go back to the topmost configuration level.

  • exit: exit the configuration mode.

  • export: export the configuration.

  • import: import the configuration.

  • create: create new objects.

  • delete: delete an object or a parameter from the parameter list.

  • debug: enable logging of dynamic routing protocol events.

For example, to view information about all interfaces, run the following command:

Admin@nodename# show network interface

To go to the network interface level, use the following command. The current level will be displayed above the command line:

Admin@nodename# edit network interface

[ network interface ]
Admin@nodename#

After you go to the network interface level, use the show command to show all interfaces without specifying a level:

Admin@nodename# show

adapter: port0
    interface-name : port0
    node-name      : utmcore@dineanoulwer
    zone           : Management
    enabled        : on
    ip-addresses   : 192.168.56.3/24
    iface-mode     : dhcp
...
...
...

To return from the network interface level back to the general level of the configuration mode, use the end command twice:

[ network interface ]
Admin@nodename# end

[ network ]
Admin@nodename# end

Admin@nodename#

To return to the topmost level of the configuration with a single command, you can use the top command:

[ network interface ]
Admin@nodename# top

Admin@nodename#

<level>

Levels in the command line follow the UserGate NGFW web interface:

  • security-policy: corresponds to the Security policies section of the web interface.

  • network: corresponds to the Network section of the web interface.

  • settings: corresponds to the UserGate section of the web interface.

  • global-portal: corresponds to the Global portal section of the web interface.

  • network-policy: corresponds to the Network policies section of the web interface.

  • vpn: corresponds to the VPN section of the web interface.

  • users: corresponds to the Users and devices section of the web interface.

  • libraries: corresponds to the Libraries section of the web interface.

  • monitoring: corresponds to the Diagnostics and monitoring section of the web interface.

  • waf: corresponds to the WAF section of the web interface.

<filter>

ID of the object which is being accessed. Objects are identified by their name. If there are objects with identical names or it is more convenient to identify objects by another parameter, specify <configuration_info> in parentheses (this is discussed later in the section). This will find an object matching all the fields specified in parentheses.

For example, suppose you need to display information about the port0 interface on another cluster node. The command

Admin@nodename# show network interface adapter port0

will display information about the port0 interface on the current UserGate node. To view information about the port0 interface on another node (named another_node, for instance), explicitly specify the node name in parentheses:

Admin@nodename# show network interface adapter ( node-name another_nodename interface port0 )

Important! Parentheses should be separated by spaces on both sides.

<configuration_info>

Set of parameter-argument pairs, where the parameter is the name of the field for which you need to set the argument. Arguments can be single-valued or multi-valued.

A single-valued argument is the value of the parameter. If the string contains spaces, use quotation marks.

For example, to create a group named VPN users:

Admin@nodename# create users group "VPN users"

Multi-valued arguments are used to set multiple values of a parameter; enclose them in square brackets and separate them with spaces.

For example, to add user1 and user2 to the "VPN users" group, set [ user1 user2 ] as the argument for the users parameter:

Admin@nodename# set users group "VPN users" users [ user1 user2 ]

Important! Square brackets should be separated by spaces on both sides.
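
The syntax rules described above (known actions and levels, quoted strings, space-separated parentheses and square brackets) can be checked before a change script is pasted into the CLI. The Python linter below is an added example, not part of the UserGate documentation or product; the TAKES_LEVEL set, the at_top flag and the sample script are assumptions made for illustration.

```python
import re

# Actions and levels exactly as listed on this page.
ACTIONS = {"execute", "set", "end", "show", "edit", "top", "exit",
           "export", "import", "create", "delete", "debug"}
LEVELS = {"security-policy", "network", "settings", "global-portal",
          "network-policy", "vpn", "users", "libraries", "monitoring", "waf"}
# Assumption: only the actions whose examples on the page include a <level>.
TAKES_LEVEL = {"show", "edit", "set", "create"}
CLOSER = {"(": ")", "[": "]"}


def lint(line, at_top=True):
    """Return the problems found in one configuration-mode command line."""
    tokens = re.findall(r'"[^"]*"|\S+', line)  # a quoted string is one token
    if not tokens:
        return ["empty command"]
    problems, stack = [], []
    if tokens[0] not in ACTIONS:
        problems.append(f"unknown action: {tokens[0]}")
    elif (at_top and tokens[0] in TAKES_LEVEL and len(tokens) > 1
          and tokens[1] not in LEVELS):
        problems.append(f"unknown level: {tokens[1]}")
    for tok in tokens[1:]:
        if tok.startswith('"'):
            if len(tok) < 2 or not tok.endswith('"'):
                problems.append(f"unterminated quote: {tok}")
            continue
        if tok in CLOSER:
            stack.append(CLOSER[tok])  # remember the closer we expect
        elif tok in CLOSER.values():
            if not stack or stack.pop() != tok:
                problems.append(f"unexpected {tok}")
        elif any(c in tok for c in "()[]"):
            problems.append(f"bracket not separated by spaces: {tok}")
    problems += [f"missing {c}" for c in reversed(stack)]
    return problems

# Constructed sample change script (not taken from a real device).
SCRIPT = [
    'set users group "VPN users" users [ user1 user2 ]',
    'set users group "VPN users" users [user1 user2]',
    'show network interface adapter ( node-name another_nodename interface port0',
    'show firewall rules',
]

if __name__ == "__main__":
    for cmd in SCRIPT:
        print(cmd, "->", lint(cmd) or "ok")
```

Pass at_top=False for commands meant to run after an edit command, since the level is then implied by the current position.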