VPN Commands

These commands relate to VPN and are also documented in the R77 Command Line Interface
Reference Guide.

VPN Command Line interface

Command Description

VPN This command and subcommands are used for working with various
aspects of VPN. VPN commands executed on the command line
generate status information regarding VPN processes, or are used to
stop and start specific VPN services.

vpn compreset This command resets the compression/decompression statistics to

zero.

vpn compstat This command displays compression/decompression statistics.

vpn crl_zap This command is used to erase all Certificate Revocation Lists
(CRLs) from the cache.

vpn crlview This command retrieves the Certificate Revocation List (CRL) from
various distribution points and displays it for the user.

vpn debug This command instructs the VPN daemon to write debug messages to
the log file: $FWDIR/log/vpnd.elg.

vpn drv This command installs the VPN kernel (vpnk) and

connects it to the Firewall kernel (fwk), attaching the

VPN driver to the Firewall driver.

vpn export_p12 This command exports information contained in the network objects
database and writes it in the PKCS#12 format to a file with the p12
extension.

vpn macutil This command is related to Remote Access VPN, specifically Office
mode, generating a MAC address per remote user. This command is
relevant only when allocating IP addresses via DHCP.

vpn mep_refresh This command causes all MEP tunnels to fail-back to the best
available gateway, providing that backup stickiness has been
configured.

vpn nssm_toplogy This command generates and uploads a topology (in NSSM format) to
a IPSO NSSM server for use by IPSO clients.

vpn overlap_encdom This command displays all overlapping VPN domains. Some IP
addresses might belong to two or more VPN domains. The command
alerts for overlapping encryption domains if one or both of the
following conditions exist:

The same VPN domain is defined for both Security Gateways

If the gateway has multiple interfaces, and one or more of the

interfaces has the same IP address and netmask.

vpn sw_topology This command downloads the topology for a SofaWare Security
Gateway.

vpn ver This command displays the VPN major version number and build
number.

vpn tu This command launches the TunnelUtil tool which is used to control
VPN tunnels.
SecureClient Commands
The following commands relate to SecureClient.

SecureClient command line interface

Command Explanation

SCC VPN commands executed on SecureClient are used to generate status

information, stop and start services, or connect to defined sites using
specific user profiles.

scc connect This command connects to the site using the specified profile, and
waits for the connection to be established. In other words, the OS does
not put this command into the background and executes the next
command in the queue.

scc connectnowait This command connects asynchronously to the site using the specified
profile. This means, the OS moves onto the next command in the
queue and this command is run in the background.

scc disconnect This command disconnects from the site using a specific profile.

scc erasecreds This command unsets authorization credentials.

scc listprofiles This command lists all profiles.

scc numprofiles This command displays the number of profiles.

scc restartsc This command restarts SecureClient services.

scc passcert This command sets the user's authentication credentials when
 authentication is performed using certificates.

scc setmode <mode> This command switches the SecuRemote / SecureClient mode.

scc setpolicy This command enables or disables the current default security policy.

scc sp This command displays the current default security policy.

scc startsc This command starts SecureClient services.

scc status This is command displays the connection status.

scc stopsc This command stops SecureClient services.

scc suppressdialogs This command enables or suppresses dialog popups. By default,

suppressdialogs is off.

scc userpass This command sets the user's authentication credentials -- username,
and password.

scc ver This command displays the current SecureClient version.

scc icacertenroll This command enrolls a certificate with the internal CA, and currently
receives 4 parameters - site, registration key, filename and password.
Currently the command only supports the creation of p12 files.

scc sethotspotreg This command line interface now includes HotSpot/Hotel registration
support.
Desktop Policy Commands
The following command lines relate to the Desktop Policy.

Desktop Policy command line interface

Command Description

dtps ver This command displays the policy server version.

dtps debug [on|off] This command starts or stops the debug printouts to
$FWDIR/log/dtps.elg

fwm psload <path to desktop policy
file> <target>
This command loads the Desktop Policy onto the
module. The target is the name of the module where the
Desktop Policy is being loaded and should be entered as
it appears in SmartDashboard. This command should be
run from the management.

For example: fwm psload $FWDIR/conf/Standard.S

Server_1

fwm sdsload <path to SDS objects
file> <target>
This command loads the SDS database onto the module.
The target is the name of the module where the SDS
objects file is being loaded and should be entered as it
appears in SmartDashboard. This command should be
run from the management.

For example: fwm sdsload

$FWDIR/conf/SDS_objects.C Server_1