In UserGate NGFW, you can perform device configuration with the help of the command-line interface, or CLI. The administrator can use CLI to run diagnostic commands, such as ping, nslookup, or traceroute, configure the device's network settings and security policies, as well as reboot or shut down the device.
CLI can be useful for troubleshooting network problems or when access to the web console is lost, for example, due to an incorrectly set interface IP address or erroneous zone access control settings that block connections to the web interface.
You can connect to the CLI using the standard VGA/keyboard ports (if physically present on the NGFW equipment), via the serial port, or via SSH over the network.
To connect to the CLI using a monitor and keyboard, follow these steps:
| Name | Description |
|---|---|
| Step 1. Connect a monitor and keyboard to the NGFW device. | Connect a monitor to a VGA (HDMI) port and a keyboard to a USB port. |
| Step 2. Log in to the CLI. | Log in to the CLI using the login name and password for a user with Full administrator permissions (the default is Admin). |
To connect to the CLI using the serial port, follow these steps:
| Name | Description |
|---|---|
| Step 1. Connect to the NGFW device. | Use a special serial cable or a USB-Serial adapter to connect your computer to the NGFW. |
| Step 2. Launch a terminal. | Launch a terminal that supports serial port connection, such as PuTTY for Windows or minicom for Linux. Establish a serial port connection using 115200 8n1 as the connection parameters. |
| Step 3. Log in to the CLI. | Log in to the CLI using the login name and password for a user with Full administrator permissions (the default is Admin). |
To connect to the CLI using the SSH protocol, follow these steps:
| Name | Description |
|---|---|
| Step 1. Allow CLI (SSH) access for the selected zone. | Allow SSH access for the CLI protocol in the settings for the zone to which you want to connect for CLI management. The TCP port 2200 will be opened. |
| Step 2. Launch an SSH terminal. | Launch an SSH terminal on your computer, such as SSH for Linux or PuTTY for Windows. Specify the NGFW address as the IP address, 2200 as the connection port, and the name of a user with Full administrator permissions as the login name (the default is Admin). For Linux, the connection command should look like this: `ssh Admin@IPNGFW -p 2200` |
| Step 3. Log in to the CLI. | Log in to the CLI using the password for the user specified in the previous step. |
Upon successful authorization for CLI access, a command prompt will be displayed (diagnostics and monitoring mode). To view the current available options or use autocomplete, press Tab or ?. Available values:
- traceroute: trace the connection route to a specific host
- shutdown: shut down NGFW
- show: view the network settings, perform traffic monitoring, and view LLDP information
- clear: update the OSPF and BGP information
- check-geoip: check the ownership of an IP address using the current GeoIP database
- ping: ping a specific host
- reboot: reboot NGFW
- date: view the current server date and time
- exit: exit the command line
- netcheck: check the availability of a 3rd party HTTP/HTTPS server
- configure: switch to the configuration mode
- dig: check the DNS record for a domain.
These commands are available in the configuration mode. For more details, see the Execute Commands and Diagnostics and Monitoring Commands sections.
To abort the current command, press Ctrl+C; to view command history, use the ↑ and ↓ keys.
All CLI commands have the following structure:
<action> <level> <filter> <configuration_info>
where:
<action> is the action to be performed;
<level> is the configuration level corresponding to the NGFW web interface section;
<filter> is the identifier of the object being accessed; and
<configuration_info> is the set of parameter values to be applied to the <filter> object.
CLI supports multi-line command entry. To move to a new line, add "\" at the end of the current one. Starting from the second line, entering "\" is not required; to finish the entry, enter one empty line:
```
Admin@nodename# set users user example \
... name username1
... enabled on
... groups [ "Default Group" ]
...
Admin@nodename#
```