fw tab -s -t userc_users    !! Number of currently connected VPN users
fw tab -f -t userc_users    !! List of currently connected VPN users
fw tab -t vpn_enc_domain_valid -f -u    !! View encryption domains (may be very large)

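!! The following show and clear VPN tunnels when 'vpn tu' cannot be accessed.
!! The delete commands tear down live tunnels; prefer the per-peer forms, since the /all forms clear tunnels for every peer.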
vpn shell /show/tunnels/IKE/all
vpn shell /show/tunnels/ipsec/all
vpn shell /show/tunnels/ike/peer/<peer-ip>
vpn shell /show/tunnels/ipsec/peer/<peer-ip>

vpn shell /tunnels/delete/all
vpn shell /tunnels/delete/IKE/all
vpn shell /tunnels/delete/IKE/peer/<peer-ip>
vpn shell /tunnels/delete/IPsec/all
vpn shell /tunnels/delete/IPsec/peer/<peer-ip>


clish -s -c 'add host name <hostname|domain> ipv4-address <ip>'

Notes:

  • Do NOT directly edit the /etc/hosts file; add entries through clish as shown above (-s saves the configuration) so the change persists.


clish -c 'show sysenv all'

Notes:

  • View temperatures, voltages, fan speeds, etc.


tcpdump -nni [interface] host [ip]
tcpdump -nni [interface] net [ip]/[cidr]
tcpdump -nni [interface] host [ip] and port [port]
tcpdump -nni [interface] vlan [vlan #] and host [ip]
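tcpdump -w [file].cap -s 1514 -nni [interface] host [src] and host [dst]        !! Writes packets to a file; -s 1514 keeps up to 1514 bytes per packet (use -s 0 for full packets on VLAN-tagged or jumbo frames). Capture files hold payload data, so treat them as sensitive.
tcpdump -r [file].cap                    !! Read and display the packets saved in the capture file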
tcpdump -nni [interface] host [ip] &      !! & symbol puts capture in the background
tcpdump -nni [interface] \(host [ip] or host [ip]\) and \(host [ip] or host [ip]\)
tcpdump -nni [interface] ip proto 112    !! IP protocol 112 is VRRP

fw monitor -e 'accept src=[ip] or dst=[ip] ;'    !! Open question: can a network (ip/CIDR) be matched here?
fw monitor -e "accept (src=192.168.11.1 and dst=10.10.10.1) or (src=10.10.10.1 and dst=192.168.11.1);"


[admin]$ cplic print
Host    Expiration  Features
[ip]    [date]       CPMP-VFF-U-NGX CPVP-VSR-1000-NGX CPVP-VPS-1-NGX CK-asdfsadfsadf

!! Stored in $CPDIR/conf/cp.license
Sign {
LICENSE [ip] never CPMP-VFF-U-NGX CPVP-VSR-1000-NGX CPVP-VPS-1-NGX CK-asdfsadfsadf
}= [hash]


cpca_client lscert -stat <Pending|Valid|Revoked|Expired|Renewed> -kind <SIC|IKE|User|LDAP>

!! Example to view valid SIC certs:
cpca_client lscert -stat Valid -kind SIC

Documentation


fw ctl arp


cpstat fw -f policy       !! Similar to 'fw stat' but with more information

Notes:

  • This provides connection counts, the current policy name, the last policy install time, and per-interface statistics (such as accepted packets, drops, etc.).


The following command lets you view CPU statistics, memory usage, hard drive usage, throughput, etc. in real time on the firewall or management server.

This command was added in R77. Older versions do not have this ability.

cpview

To start the cpviewd process:

cpwd_admin start -name CPVIEWD -path "$FWDIR/bin/cpviewd" -command "cpviewd"

To stop the cpviewd process:

cpwd_admin stop -name CPVIEWD

Documentation


cpstat mg
