cp_conf client get        !! View configured GUI clients
cp_conf client add <ip>   !! Add a client to the current GUI clients list
cp_conf client del <ip> <ip> <etc>    !! Delete 1+ GUI clients
cp_conf client createlist <ip> <ip> <etc>     !! Create a new GUI list (will overwrite the old) and add 1+ GUI clients

cp_conf admin get         !! View configured administrators
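cp_conf admin add <user> <pass> <a|w|r>   !! Add new admin user, a - read/write/manage admins, w - read/write, r - read only. The password is passed as a command-line argument, so it can end up in shell history and be visible in the process list while the command runs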
cp_conf admin del <user> <user>     !! Delete 1+ admin users

cp_conf sic state         !! View current SIC status
cp_conf sic <key>         !! Initialize SIC state
cp_conf sic cert_pull <management-server> <object>      !! Pull the certificate of a DAIP object

cp_conf finger get        !! View the management server fingerprint

cp_conf lic get           !! View licenses
cp_conf lic add -f <file>   !! Add license from license file
cp_conf lic add -m <host> <date> <license-key> <SKU>      !! Add license manually
cp_conf lic del <signature-key>     !! Remove a license

cp_conf ha <enable|disable> [norestart]   !! Enable/Disable HA. Add 'norestart' to the command to keep the device from performing a cpstop;cpstart
cp_conf sxl <enable|disable>      !! Enable/Disable SecureXL

cp_conf snmp get        !! View current status of the SNMP module
cp_conf snmp <enable|disable>     !! Enable/Disable SNMP

[ # ]

webui enable <port>
webui disable

Documentation

[ # ]

netstat -rn | grep instance    // Look for the 2 non "default" tables
netstat -rn | egrep 'instance|iCSU'    // View PBR table
clish -s 'show aclrules'    // View ACLs
clish -s 'show acl'    // View interfaces ACLs are configured for

[ # ]

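useradd -u 0 -g 0 -o -s /bin/bash <username>    !! Creates an additional UID 0 / GID 0 account (-o allows the non-unique UID), i.e. a second root-equivalent login. Anything it does runs as UID 0, so record who the account belongs to and remove it when it is no longer needed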

[ # ]

Delete lock file from the following possible locations

  • $FWDIR/tmp
  • $FWDIR/log

Notes:

  • This should only be done if a user is showing locked even when they are logged out. Do NOT perform while a user is actually logged in.

[ # ]

// Storing information in AWK
RuleNum             - { rule = substr($0, match($0, /rule=[0-9]+/)+5, RLENGTH-5) };
Origin                    - { orig = substr($0, match($0, /orig=[0-9.]+/)+5, RLENGTH-5) };
Protocol               - { proto = substr($0, match($0, /proto=[0-9a-zA-Z]+/)+6, RLENGTH-6) };
DstPort                 - { port = substr($0, match($0, /service=[0-9]+/)+8, RLENGTH-8) };
SrcIP                      - { srcip = substr($0, match($0, /src=[0-9.]+/)+4, RLENGTH-4) };
DstIP                     - { dstip = substr($0, match($0, /dst=[0-9.]+/)+4, RLENGTH-4) };
xSrc                  - { xsrc = substr($0, match($0, /xlatesrc=[0-9.]+/)+9, RLENGTH-9) };
NatRule                - { natrule = substr($0, match($0, /NAT_rulenum=[0-9]+/)+12, RLENGTH-12) };

// Example - The following counts the protocols and ports hitting a specific rule (note: the LEA log format may have changed since this was written, so the output should not be relied on completely)
grep 'orig=<ip> ' <log-filename> | grep 'rule=<rule#> ' | awk '{ proto = substr($0, match($0, /proto=[0-9a-zA-Z]+/)+6, RLENGTH-6) }; { port = substr($0, match($0, /service=[0-9]+/)+8, RLENGTH-8) }; {print proto " " port};'  | sort | uniq -c | sort -nr | awk 'BEGIN {print "\nHits\tProto\tPort";}{print $1"\t"$2"\t"$3}'

Notes:

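  • The order and location of fields in the LEA logs may have changed since this was created, so the patterns may need modification before they work. The patterns are not anchored to a field boundary, so a short name such as src= will also match inside xlatesrc= if that field appears earlier on the line; check the extracted values against a few raw log lines before relying on the counts.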
  • Useful for parsing the logs from LEA and looking for specific rules

[ # ]

[admin]$ cplic print
Host    Expiration  Features
[ip]    [date]       CPMP-VFF-U-NGX CPVP-VSR-1000-NGX CPVP-VPS-1-NGX CK-asdfsadfsadf

!! Stored in $CPDIR/conf/cp.license
Sign {
LICENSE [ip] never CPMP-VFF-U-NGX CPVP-VSR-1000-NGX CPVP-VPS-1-NGX CK-asdfsadfsadf
}= [hash]

[ # ]

fwpolicy.exe /RB: <policy-name> connect <ip> <username>  !! SmartDashboard
CPlgv.exe connect <ip> <username>  !! SmartView Tracker
provider.exe connect <ip> <username>  !! Provider-1

Notes:

  • 'cd' into the application's directory first
  • This is for versions R55 - <R80

[ # ]

clish -c 'show sysenv all'

Notes:

  • View temperatures, voltages, fan speeds, etc.

[ # ]

ipsctl -a | grep chassis

[ # ]