!! Ensure SSH is allowed on the interface you are connecting to. allowaccess replaces the whole list, so repeat the protocols already enabled (e.g. ping https) when adding ssh
config system interface
edit <interface>
set allowaccess ping https ssh  !! SSH added to the existing admin access options
next
end

!! Enable SCP
config system global
set admin-scp enable
end

!! Back up the running configuration from a remote host (the virtual file name is sys_config)
scp admin@<ip>:sys_config <local-file>

Notes:

  • SCP is disabled by default and may be disabled again by a firmware upgrade; re-check admin-scp after upgrading

[ # ]

config system admin
 edit <username>
  set accprofile "super_admin"
  set password <password>
  set trusthost1 <ip>/<cidr>
  set trusthost2 <ip>/<cidr>  !! Add as many as required; with no trusthost set, the account can log in from any address
 next
end

[ # ]

sync-prefs

[ # ]

debug wccp events
debug wccp packets
sh wccp

[ # ]

!! Traffic still needs to be permitted by the inside interface ACL; it is evaluated before WCCP redirection !!
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq https

!! The redirect list decides what is sent to the proxy: deny entries bypass the proxy, permit entries are redirected !!
access-list WCCP_Redirect extended deny ip object-group ProxyBypass any
access-list WCCP_Redirect extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list WCCP_Redirect extended permit tcp 192.168.1.0 255.255.255.0 any eq 443

!! Proxy ACL !!
access-list WCCP-Proxy extended permit ip host <Proxy Server> any

!! The service ID (web-cache and 70 in the examples below) is defined on the proxy, so get it from the proxy administrator !!
!! Commonly used service IDs !!
!! web-cache or 0 - HTTP !!
!! 53 - DNS !!
!! 60 - FTP !!
!! 70 - HTTPS !!
!! The following redirects HTTP traffic matched by the WCCP_Redirect ACL to the proxy identified by WCCP-Proxy !!
wccp web-cache redirect-list WCCP_Redirect group-list WCCP-Proxy
wccp interface inside web-cache redirect in

!! The following redirects HTTPS traffic matched by the WCCP_Redirect ACL !!
wccp 70 redirect-list WCCP_Redirect group-list WCCP-Proxy
wccp interface inside 70 redirect in

!! The ASA only redirects on ingress, and the proxy must sit behind the same interface as the clients it serves !!

[ # ]

diag debug report

[ # ]

get sys  !! Uptime
get perf session  !! Connection Count
get perf cpu detail
get perf cpu all detail  !! * means above threshold
get event level critical  !! View failovers or other critical events
get counter statistics  !! CRC errors, etc

[ # ]

diag test app ipsmonitor <#>
  • 1: Display IPS engine information
  • 2: Toggle IPS engine enable/disable status
  • 3: Display restart log
  • 4: Clear restart log
  • 5: Toggle bypass status  !! Bypass passes traffic without IPS inspection; use it for troubleshooting only and toggle it back afterwards
  • 97: Start all IPS engines
  • 98: Stop all IPS engines
  • 99: Restart all IPS engines and monitor


[ # ]

firewall-<disable|enable>

[ # ]

set log exclude-id <#> user-id <username> event-type <event-id> src-ip <ip> src-netmask <netmask> dst-ip <ip> dst-netmask <netmask> dst-port <port> <success|failure>

Any combination of the above options can be used to suppress specific log messages; each option given narrows the match, and options left out are wildcards. For instance, suppose you wanted to stop logging the following admin login messages:

Feb 10 00:00:01 192.168.1.1 LocalFirewall: NetScreen device_id=LocalFirewall [Root]system-information-00519: ADM: Local admin authentication successful for login name admin (2014-02-10 00:00:01)

The following suppresses all successful logins with message ID 00519 for the 'admin' user (the event-type is the message ID without leading zeros). Excluded events are dropped rather than logged, so make sure nothing that audits admin logins depends on them:

set log exclude-id 1 user-id "admin" event-type 519 success

Notes

  • ScreenOS version 6.2+ required
  • A maximum of 10 exclude rules are allowed
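As an added example (not code from the original page or from Juniper), the following Python parses ScreenOS syslog lines of the form quoted above and applies exclude rules with the same semantics as the command: every criterion present in a rule must match, omitted criteria are wildcards, and a message is hidden if any rule matches. The sample lines other than the one quoted on the page are constructed, and the wording of the failed-login variant is assumed; lines the parser cannot read are always kept, since silently dropping unknown events is the wrong failure mode for an audit log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Pattern for the syslog form of a ScreenOS event as quoted on this page:
#   <timestamp> <relay-ip> <devname>: NetScreen device_id=<id> [<vsys>]<category>-<msgid>: <body>
SCREENOS_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<relay>\S+) (?P<devname>[^:]+): "
    r"NetScreen device_id=(?P<device_id>\S+) \[(?P<vsys>[^\]]+)\]"
    r"(?P<category>[a-z]+(?:-[a-z]+)*)-(?P<msg_id>\d{5}): (?P<body>.*)$"
)


@dataclass
class ScreenOSEvent:
    device_id: str
    vsys: str
    category: str
    event_type: int          # message ID without leading zeros, as used by "event-type"
    user_id: Optional[str]   # login name, if the body names one
    result: Optional[str]    # "success", "failure", or None when the body states neither
    body: str


def parse_event(line: str) -> Optional[ScreenOSEvent]:
    """Parse one syslog line; return None if it is not a ScreenOS event in the expected form."""
    m = SCREENOS_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    user = re.search(r"\blogin name (\S+)", body)
    if re.search(r"\bsuccessful\b", body):
        result = "success"
    elif re.search(r"\b(failed|unsuccessful)\b", body):
        result = "failure"
    else:
        result = None
    return ScreenOSEvent(
        device_id=m.group("device_id"),
        vsys=m.group("vsys"),
        category=m.group("category"),
        event_type=int(m.group("msg_id")),
        user_id=user.group(1) if user else None,
        result=result,
        body=body,
    )


def rule_matches(rule: Dict[str, object], event: ScreenOSEvent) -> bool:
    """Every criterion present in the rule must equal the event's field; absent criteria are wildcards."""
    return all(getattr(event, field) == wanted for field, wanted in rule.items())


def filter_log(lines: List[str], rules: List[Dict[str, object]]) -> List[str]:
    """Return the lines that survive the exclude rules. Lines that do not parse are always kept."""
    kept = []
    for line in lines:
        event = parse_event(line)
        if event is not None and any(rule_matches(rule, event) for rule in rules):
            continue
        kept.append(line)
    return kept


# Constructed sample log: line 0 is the message quoted on the page, the rest are made up for this
# example (the "failed" wording of the second line is an assumption, not a real ScreenOS message).
SAMPLE_LINES = [
    "Feb 10 00:00:01 192.168.1.1 LocalFirewall: NetScreen device_id=LocalFirewall [Root]system-information-00519: "
    "ADM: Local admin authentication successful for login name admin (2014-02-10 00:00:01)",
    "Feb 10 00:00:02 192.168.1.1 LocalFirewall: NetScreen device_id=LocalFirewall [Root]system-information-00519: "
    "ADM: Local admin authentication failed for login name admin (2014-02-10 00:00:02)",
    "Feb 10 00:00:03 192.168.1.1 LocalFirewall: NetScreen device_id=LocalFirewall [Root]system-information-00519: "
    "ADM: Local admin authentication successful for login name bob (2014-02-10 00:00:03)",
    "Feb 10 00:00:04 192.168.1.1 LocalFirewall: truncated line that is not a NetScreen event",
]

# Equivalent of: set log exclude-id 1 user-id "admin" event-type 519 success
EXCLUDE_RULES: List[Dict[str, object]] = [
    {"event_type": 519, "user_id": "admin", "result": "success"},
]

if __name__ == "__main__":
    for line in filter_log(SAMPLE_LINES, EXCLUDE_RULES):
        print(line)
```

Only the admin success line is hidden; the failed admin login, bob's login and the unparseable line all survive. Broadening the rule to just `{"event_type": 519}` hides every parsed 00519 message regardless of user or outcome, which is the same effect as leaving `user-id` and `success` off the command.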


[ # ]