!! Snoop Filter - More basic capture
!! Enable
snoop filter ip src-ip <src IP> dst-ip <dest IP>
snoop
!! Disable
snoop off
snoop filter del

!! Flow Filter - Much more information on the packet flow
!! Enable
set ff src-ip <src IP> dst-ip <dest IP>
debug flow basic
!! Disable
undebug all
unset ff  !! Unset the filter op

Notes:

  • Use 'get db st' to view the output
  • Use 'clear db' to clear the capture but keep it running

[ # ]

tail -f /var/log/messages | grep vpn  !! View VPN logs
echo /config/userdb/list | igcli -n   !! View VPN Users
service sslvpn-plus status            !! View SSL VPN status
tail -f /var/log/messages | grep sslvpnstatslogd  !! View SSL VPN user logs

!! View VPN Tunnels
echo /config/sad/salist | igcli -n

echo "/config/sad/saflush *" | igcli -n           !! Teardown ALL ipsec SAs
echo /config/sad/saflush <vpn name> | igcli -n  !! Teardown a specific ipsec SA
echo /config/ike/saflush | igcli -n             !! Teardown ALL ike SAs

[ # ]

grep ruleorder /var/log/messages | awk -Fruleorder= '{print $2}' | sort | uniq -c | sort -nr | awk 'BEGIN {print "Rule\\tHits";}{print $2,"\\t",$1}'

[ # ]

egrep "iss-(spa|fvmCfg)" /var/log/messages

[ # ]

egrep -o " version='.*' xml" /etc/crm/policies/cml/NetworkProtector/fwm/npfwm1_0.xml        !! Firewall/VPN
egrep -o " version='.*' xml" /etc/crm/policies/cml/NetworkProtector/ssls/npssls1_0.xml      !! SSL VPN
egrep -o " version='.*' xml" /etc/crm/policies/cml/NetworkObjects/networkobjects1_0.xml    !! Network Objects Version

[ # ]

!! To Unregister
vi /etc/crm/policies/cml/NetworkProtector/mgmt/npmgmt1_0.xml
CHANGE
    <Config Enabled=\'true\' GroupNameHint=\'<group>\' HeartbeatInterval=\'900\' UseLocalSettings=\'true\'>
TO
    <Config Enabled=\'false\' GroupNameHint=\'<group>\' HeartbeatInterval=\'900\' UseLocalSettings=\'true\'>

service iss-spa restart

[ # ]

  1. Log into the device as the root user
  2. Run the following:

    service iss-spa unregister

  3. Remove the registration and heartbeat files. The heartbeat file may not exist.

    rm -f /etc/lmi/spregistered rm -f /tmp/heartbeat_inprogress.lck

[ # ]

service hearbeat restart

Notes:

  • Performed on the active unit

[ # ]

htpasswd /var/www/auth/htpasswd admin

Notes:

  • This resets the Admin password required to login to the LMI of the device.

[ # ]

ifconfig <interface> <ip> netmask <netmask> up

Notes:

  • Useful for modifying IP without updating via Site Protector

[ # ]