cp_conf admin get    !! View current administrators
cp_conf admin add <user> <passw> <r|w>    !! Add user with read-only (r) or write (w) permissions
cp_conf admin del <admin1> <admin2> ...   !! Delete user(s)

cp_conf client get   !! View currently defined GUI clients
cp_conf client add <ip/netmask> !! Add a GUI client
cp_conf client del <GUI Client 2> <GUI Client 2> ... !! Delete GUI client(s)
cp_conf client createlist <GUI Client 1> <GUI Client 2>...  !! Add new GUI clients list

Documentation

[ # ]

Delete lock file from the following possible locations

  • $FWDIR/tmp
  • $FWDIR/log

Notes:

  • This should only be done if a user is showing locked even when they are logged out. Do NOT perform while a user is actually logged in.

[ # ]

// Storing information in AWK
RuleNum             - { rule = substr($0, match($0, /rule=[0-9]+/)+5, RLENGTH-5) };
Origin                    - { orig = substr($0, match($0, /orig=[0-9.]+/)+5, RLENGTH-5) };
Protocol               - { proto = substr($0, match($0, /proto=[0-9a-zA-Z]+/)+6, RLENGTH-6) };
DstPort                 - { port = substr($0, match($0, /service=[0-9]+/)+8, RLENGTH-8) };
SrcIP                      - { srcip = substr($0, match($0, /src=[0-9.]+/)+4, RLENGTH-4) };
DstIP                     - { dstip = substr($0, match($0, /dst=[0-9.]+/)+4, RLENGTH-4) };
xSrc                  - { xsrc = substr($0, match($0, /xlatesrc=[0-9.]+/)+9, RLENGTH-9) };
NatRule                - { natrule = substr($0, match($0, /NAT_rulenum=[0-9]+/)+12, RLENGTH-12) };

// Example - The following will count the protocols and ports hitting a specific rule (note: lea log format may have changed since writing this so should not be relied on completely)
grep 'orig=<ip> ' <log-filename> | grep 'rule=<rule#> ' | awk '{ proto = substr($0, match($0, /proto=[0-9a-zA-Z]+/)+6, RLENGTH-6) }; { port = substr($0, match($0, /service=[0-9]+/)+8, RLENGTH-8) }; {print proto " " port};'  | sort | uniq -c | sort -nr | awk 'BEGIN {print "\nHits\tProto\tPort";}{print $1"\t"$2"\t"$3}'

Notes:

  • The LEA logs order and field locations may have changed since this was created. May need modifications before working.
  • Useful for parsing the logs from LEA and looking for specific rules

[ # ]

Pre-IPSO 6.2
voyager -e 0 <port>    !! No Encryption
voyager -e 128 <port>  !! 128-bit SSL Encryption

IPSO 6.2+
set voyager ssl-port <port>

[ # ]

[admin]$ cplic print
Host    Expiration  Features
[ip]    [date]       CPMP-VFF-U-NGX CPVP-VSR-1000-NGX CPVP-VPS-1-NGX CK-asdfsadfsadf

!! Stored in $CPDIR/conf/cp.license
Sign {
LICENSE [ip] never CPMP-VFF-U-NGX CPVP-VSR-1000-NGX CPVP-VPS-1-NGX CK-asdfsadfsadf
}= [hash]

[ # ]

clish -c 'show sysenv all'

Notes:

  • View temperatures, voltages, fan speeds, etc.

[ # ]

ipsctl -a | grep chassis

[ # ]

clish -s -c 'set host name <hostname> ipv4 <ip>'

[ # ]

clish -s -c 'add snmp community <community> read-only'

Below is a list of all SNMP configuration options

set snmp daemon <on|off>
set snmp snmp-version v<1/2/3>
add snmp trapreceiver <trace-reciever-ip> community public version v<1/2/3>
set snmp trapPduAgent <trap-ip>
add snmp address <polling-device-ip>
add snmp read-only community <community>
add snmp read-write community <community>
set snmp traps coldstart status  <on|off>
set snmp traps authorization status <on|off>
set snmp traps cluster-member-join status <on|off>
set snmp traps cluster-member-left status <on|off>
set snmp traps cluster-member-reject status <on|off>
set snmp traps cluster-new-master status <on|off>
set snmp traps cluster-protocol-interface status <on|off>
set snmp traps link-up-down status <on|off>
set snmp traps sys-config-change status <on|off>
set snmp traps sys-config-filechange status <on|off>
set snmp traps sys-config-savechange status <on|off>
set snmp traps sys-diskfailure status <on|off>
set snmp traps sys-diskmirr-create status <on|off>
set snmp traps sys-diskmirr-delete status <on|off>
set snmp traps sys-diskmirr-syncfail status <on|off>
set snmp traps sys-diskmirr-syncsuccess status <on|off>
set snmp traps sys-fan-failure status <on|off>
set snmp traps sys-lowdiskspace status <on|off>
set snmp traps sys-nodiskspace status <on|off>
set snmp traps sys-overtemperature status <on|off>
set snmp traps sys-powersupply-failure status <on|off>
set snmp traps sys-snmpshutdown status <on|off>
set snmp traps vrrp-authfail status <on|off>
set snmp traps vrrp-newmaster status <on|off>

[ # ]

set mcvr vrid <1-255> priority <1-254> priority-delta <1-254> authtype <none|simple> [password] hello-interval <1-255>
add mcvr vrid <1-255> backup-address <vip>
delete mcvr vrid <1-255> backup-address <vip>

Documentation

[ # ]