Installation guide

ManualsBrandsMcafee ManualsOtherFIREWALL 2.1-GETTING STARTED

141

142

143

144

145

146

147

148

149

150

143

NGFW Engine Commands

sg-dynamic-routing

[start]

[stop]

[restart]

[force-reload]

[backup <file>]

[restore <file>]

[sample-config]

[route-table]

[info]

Firewall

start starts the Quagga routing suite.

stop stops the Quagga routing suite and flushes all routes

made by zebra.

restart restarts the Quagga routing suite.

force-reload forces reload of the saved configuration.

backup <file> backs up the current configuration to a

compressed file.

restore <file> restores the configuration from the specified

file.

sample-config creates a basic configuration for Quagga.

route-table prints the current routing table.

info displays the help information for the sg-dynamic-routing

command, and detailed information about Quagga suite

configuration with vtysh.

sg-ipsec -d

[-u <username[@domain]> |

-si <session id> |

-ck <ike cookie> |

-tri <transform id>

-ri <remote ip> |

-ci <connection id>]

Firewall

Deletes VPN-related information (use vpninfo command to

view the information). Option -d (for delete) is mandatory.

-u deletes the VPN session of the named VPN client user. You

can enter the user account in the form <username@domain> if

there are several user storage locations (LDAP domains).

-si deletes the VPN session of a VPN client user based on

session identifier.

-ck deletes the IKE SA (Phase one security association) based

on IKE cookie.

-tri deletes the IPSEC SAs (Phase two security associations)

for both communication directions based on transform identifier.

-ri deletes all SAs related to a remote IP address in gateway-to-

gateway VPNs.

-ci deletes all SAs related to a connection identifier in gateway-

to-gateway VPNs.

sg-logger

-f FACILITY_NUMBER

-t TYPE_NUMBER

[-e

EVENT_NUMBER]

[

-i "INFO_STRING"]

[-s]

[-h]

Firewall,

Layer 2

Firewall,

IPS

Used in scripts to create log messages with the specified

properties.

-f FACILITY_NUMBER parameter defines the facility for the

log message.

-t TYPE_NUMBER parameter defines the type for the log

message.

-e EVENT_NUMBER parameter defines the log event for the log

message. The default is 0 (H2A_LOG_EVENT_UNDEFINED).

-i "INFO_STRING" parameter defines the information string

for the log message.

-s parameter dumps information on option numbers to stdout

-h parameter displays usage information.

Table A.2 NGFW Engine Command Line Tools (Continued)

Command

Engine

Role

Description