
COMPREHENSIVE INTERNET SECURITY ™

SonicWALL Internet Security Appliances


SonicOS Standard/Enhanced
Command Line Interface (CLI)
Guide
Introduction
This document contains a categorized complete listing of Command Line Interface (CLI) commands for
SonicOS Standard and Enhanced firmware for the Pro 4060, Pro 2040 and TZ 170 devices. Each
command is described and, where appropriate, an example of usage is included.

Note: Commands using port spec x0, x1, etc. only take IDs for existing ports on the device. For example, the
TZ170 uses x0-x2, the Pro 2040 x0-x3, and the Pro 4060 x0-x5.
This User’s Guide contains the following sections:
• Input Data Format Specification
• Text Conventions
• Editing and Completion Features
• Command Hierarchy
• Configuration Security
• Management Methods for Each Appliance
• Initiating a Management Session
• Command Set Status

Input Data Format Specification
The table below describes the data formats acceptable for most commands. H represents one or more
hexadecimal digits (0-9 and A-F). D represents one or more decimal digits.
Input Data Formats

Data              Data Format
MAC Address       HH:HH:HH:HH:HH:HH
MAC Address       HHHH.HHHH.HHHH
IP Address        D.D.D.D
IP Address        0xHHHHHHHH
Integer Values    D
Integer Values    0xH
Integer Range     D-D
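
Because each address type has two accepted notations, the same MAC or IP address can be spelled differently in ARP entries, logs and change scripts. The following Python is an added example, not SonicWALL code: it validates each format in the table above and reduces it to one canonical form for comparison. The strict digit counts, the 0-255 octet check and the ascending-range rule are assumptions of this example.

```python
import re

# Added example. Strict digit counts for the MAC/IP forms, the 0-255 octet check
# and ascending ranges are this example's assumptions; the guide only gives the
# patterns themselves.
HEX = "[0-9A-Fa-f]"
MAC_COLON = re.compile(rf"{HEX}{{2}}(:{HEX}{{2}}){{5}}")
MAC_DOT = re.compile(rf"{HEX}{{4}}(\.{HEX}{{4}}){{2}}")
IP_HEX = re.compile(rf"0x({HEX}{{8}})")
IP_DOTTED = re.compile(r"[0-9]+(\.[0-9]+){3}")
INT_HEX = re.compile(rf"0x{HEX}+")
INT_DEC = re.compile(r"[0-9]+")
INT_RANGE = re.compile(r"([0-9]+)-([0-9]+)")


def normalize(kind, text):
    """Return one canonical value per input kind, or raise ValueError."""
    if kind == "mac" and (MAC_COLON.fullmatch(text) or MAC_DOT.fullmatch(text)):
        digits = re.sub(r"[:.]", "", text).upper()
        return ":".join(digits[i:i + 2] for i in range(0, 12, 2))
    if kind == "ip":
        m = IP_HEX.fullmatch(text)
        if m:
            value = int(m.group(1), 16)
            return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))
        if IP_DOTTED.fullmatch(text):
            octets = [int(part) for part in text.split(".")]
            if all(o <= 255 for o in octets):
                return ".".join(map(str, octets))
    if kind == "int" and INT_HEX.fullmatch(text):
        return int(text, 16)
    if kind == "int" and INT_DEC.fullmatch(text):
        return int(text)
    if kind == "range":
        m = INT_RANGE.fullmatch(text)
        if m and int(m.group(1)) <= int(m.group(2)):
            return int(m.group(1)), int(m.group(2))
    raise ValueError(f"{text!r} is not a valid {kind}")


def same_value(kind, a, b):
    """True when two spellings denote the same address or number."""
    return normalize(kind, a) == normalize(kind, b)


if __name__ == "__main__":
    # Constructed sample values; 192.168.168.168 is the default address the guide names.
    print(normalize("ip", "0xC0A8A8A8"))
    print(same_value("mac", "00:06:B1:AA:BB:CC", "0006.b1aa.bbcc"))
```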

Text Conventions
Bold text indicates a command executed by interacting with the user interface.
Courier bold text indicates commands and text entered using the CLI.
Italic text indicates the first occurrence of a new term, as well as a book title, and also emphasized text.
In this command summary, items presented in italics represent user-specified information.
Items within angle brackets (“< >”) are required information.
Items within square brackets (“[ ]”) are optional information.
Items separated by a “pipe” (“|”) are options. You can select any of them.

Note: Though a command string may be displayed on multiple lines in this guide, it must be entered on a
single line with no carriage returns except at the end of the complete command.

Editing and Completion Features
You can use individual keys and control-key combinations to assist you with the CLI. The table below
describes the key and control-key combination functions.
Key Reference Table

Key(s)         Function
Tab            Completes the current word
?              Displays possible command completions
CTRL+A         Moves cursor to the beginning of the command line
CTRL+B         Moves cursor to the previous character
CTRL+C         Exits the Quick Start Wizard at any time
CTRL+E         Moves cursor to the end of the command line
CTRL+F         Moves cursor to the next character
CTRL+K         Erases characters from the cursor to the end of the line
CTRL+N         Displays the next command in the command history
CTRL+P         Displays the previous command in the command history
CTRL+W         Erases the previous word
Left Arrow     Moves cursor to the previous character
Right Arrow    Moves the cursor to the next character
Up Arrow       Displays the previous command in the command history
Down Arrow     Displays the next command in the command history

Page 2 SonicWALL Command Line Interface Guide


Most configuration commands require completing all fields in the command. For commands with several
possible completers, the Tab or ? key displays all options.
myDevice> show [TAB]

alerts            interface    network              tech-support
arp               log          processes            tsr
content-filter    memory       route                web-management
cpu               messages     security-services    zone
device            nat          status               zones
gms               netstat      system

The Tab key can also be used to finish a command if the command is uniquely identified by user input.
myDevice> show al [TAB]
displays
myDevice> show alerts
Additionally, commands can be abbreviated as long as the partial commands are unique. The following
text:
myDevice> sho int inf
is an acceptable abbreviation for
myDevice> show interface info
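
Because any unique prefix is accepted, one command can be typed many ways, which matters when console captures or change scripts are reviewed. The following Python is an added example, not SonicWALL code: it expands abbreviated words against a subset of this guide's command tables and reports watched or unresolvable commands. The WATCHED list, the exact-match rule and the sample session are assumptions made for the example.

```python
# Added example: per-word unique-prefix resolution as described in this guide.
# TREE is a subset of the guide's command tables. WATCHED is this example's own
# choice of state-changing commands to surface in review, not a vendor list.
TREE = {
    "show": {
        "alerts": {}, "arp": {}, "content-filter": {}, "cpu": {}, "device": {},
        "gms": {}, "interface": {"details": {}, "info": {}, "status": {}},
        "log": {"content": {}, "settings": {}}, "memory": {}, "messages": {},
        "nat": {"policies": {}}, "netstat": {}, "network": {}, "processes": {},
        "route": {}, "security-services": {}, "status": {}, "system": {},
        "tech-support": {}, "tsr": {}, "web-management": {}, "zone": {},
        "zones": {},
    },
    "clear": {"log": {}, "screen": {}}, "cls": {}, "configure": {}, "exit": {},
    "export": {"preferences": {}, "tsr": {}}, "help": {}, "import": {},
    "logout": {}, "nslookup": {}, "ping": {}, "restart": {}, "restore": {},
    "synchronize-licenses": {}, "traceroute": {},
}
WATCHED = {("restore",), ("restart",), ("clear", "log"), ("import",),
           ("export", "preferences")}


def resolve(command):
    """Expand abbreviated words; return (canonical_words, error_or_None)."""
    node, out = TREE, []
    words = command.split()
    for i, word in enumerate(words):
        if not node:                      # past the keywords: keep arguments verbatim
            return out + words[i:], None
        # Assumption: an exact keyword wins over longer ones (zone vs. zones).
        hits = [word] if word in node else sorted(k for k in node if k.startswith(word))
        if len(hits) != 1:
            detail = "ambiguous: " + ", ".join(hits) if hits else "unknown"
            return out, f"{word!r} is {detail}"
        out.append(hits[0])
        node = node[hits[0]]
    return out, None


def audit(session_lines):
    """Return (line_no, verdict, text) for watched or unresolvable commands."""
    findings = []
    for n, raw in enumerate(session_lines, 1):
        command = raw.split(">", 1)[-1].strip()   # drop the "myDevice>" prompt
        words, error = resolve(command)
        if error:
            findings.append((n, "unresolved", command))
        elif any(tuple(words[:len(w)]) == w for w in WATCHED):
            findings.append((n, "watched", " ".join(words)))
    return findings


# Constructed console capture, not output from a real appliance.
SESSION = [
    "myDevice> sho int inf",
    "myDevice> cle l",
    "myDevice> rest",
    "myDevice> resto",
    "myDevice> exp pref",
]

if __name__ == "__main__":
    for finding in audit(SESSION):
        print(finding)
```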

Command Hierarchy
The CLI configuration manager allows you to control hardware and firmware of the appliance through a
discrete mode and submode system. The commands for the appliance fit into the logical hierarchy shown
below.
To configure items in a submode, activate the submode by entering a command in the mode above it.
For example, to set the default LAN interface speed or duplex, you must first enter configure, then
interface x0 lan. To return to the higher Configuration mode, simply enter end or finished.

Configuration Security
SonicWALL Internet Security appliances allow easy, flexible configuration without compromising the
security of their configuration or your network.
Passwords
The SonicWALL CLI currently uses the administrator’s password to obtain access. SonicWALL devices
are shipped with a default password of password. Setting passwords is important in order to access the
SonicWALL and configure it over a network.
Factory Reset to Defaults
If you are unable to connect to your device over the network, you can use the command restore to reset
the device to factory defaults during a serial configuration session.



Management Methods for the SonicWALL Internet Security Appliance
You can configure the SonicWALL appliance using one of two methods:
• Using a serial connection and the configuration manager
-An IP address assignment is not necessary for appliance management.
-A device must be managed while physically connected via a serial cable.
• Web browser-based User Interface
-An IP address must have been assigned to the appliance for management, or use the default of
192.168.168.168.
Initiating a Management Session using the CLI
Serial Management and IP Address Assignment
Follow the steps below to initiate a management session via a serial connection and set an IP address for
the device.

Note: The default terminal setting on the SonicWALL and modules is 80 columns by 25 lines. To ensure the
best display and reduce the chance of graphic anomalies, use the same settings with the serial terminal
software. The device terminal settings can be changed, if necessary. Use the standard ANSI setting on
the serial terminal software.
1. Attach the included null modem cable to the appliance port marked CONSOLE. Attach the other end
of the null modem cable to a serial port on the configuring computer.
2. Launch any terminal emulation application that communicates with the serial port connected to the
appliance. Use these settings:
• 115,200 baud (9600 for TZ170)
• 8 data bits
• no parity
• 1 stop bit
• no flow control
3. Press Return. Initial information is displayed followed by a DEVICE NAME> prompt.

SonicOS Enhanced Command Listing
The following table displays all commands available for the SonicWALL.

• Top Level Command Description
• Configuration Command Description
• Interface Configuration Command Description
• Log Category Command Description
• Zone Command Description
Command Descriptions

Command                                   Description
show alerts                               Show alerts
show arp                                  Displays currently known arp entries
show content filter                       Show content filter list status
show cpu                                  Show cpu and memory information
show device                               Displays on the console the contents of the status
                                          section of the Tech Support Report (TSR)
show gms                                  Displays GMS configuration
show interface details <x1|x2|x3|x4|x5>   Displays on the console the contents of the network
                                          section of the TSR
show interface status <x1|x2|x3|x4|x5>    Displays on the console basic interface status for
                                          the SonicWALL, such as active/inactive/disabled,
                                          speed setting, duplex setting, IP addressing information
show log content                          Display the SonicWALL log contents
show log settings                         Display the configuration data
show memory                               Display the system memory on the appliance
show messages                             Show system messages
show nat policies                         Display on the console the NAT policy section of the TSR
show netstat                              Displays the contents of the netstat table.
show network                              Shows the network summary.
show processes                            Display procedure information.
show route                                Displays the complete routing table.
show security-services                    Displays the complete status of all security services
                                          on the SonicWALL, including license status,
                                          licenses available, licenses in use, and license
                                          expiration dates.
show status                               Shows the current status of the appliance.
show tech-support                         Displays the contents of the TSR.
show tsr <all | av | cfl | dhcpc |        Displays on the console the named TSR sections or
  dhcprelay | dhcps | dhcpsstat |         all of the TSR.
  ethernet | ha | ip-helper | ipsec |
  l2tpclient | license | log |
  management | network | objects |
  policies | pppoe | pptpclient |
  radius | snmp | status | time |
  update | users | wlb>
show web-management                       Display the Web-management status and configuration.
show zone <name>                          Displays on the console all rules for the specified
                                          zone. For example, show zone <lan rules> displays
                                          all of the rules to and from the LAN zone.
show zones                                Displays configured zones on the appliance and
                                          interfaces associated with each zone.

Top Level Commands

Command                                Description
clear screen                           Clears the console screen, leaving a single prompt line.
clear log                              Clear log.
cls                                    Clears the console screen, leaving a single prompt line.
configure                              Enters the configuration level
exit                                   Causes you to exit the submenu, or if issued at the
                                       global level, returns to the login prompt.
export preferences                     Export a preferences file using Z-modem.
export tsr                             Export TSR using Z-modem.
help <command>                         Displays the command and description.
import                                 Import preferences from the SonicWALL using Z-modem.
logout                                 Log out from the console.
nslookup <Domain Name>                 Look up the IP address of the given domain name from
                                       the configured domain name servers.
ping <IP address|Domain Name>          Sends ICMP packets to the destination IP address.
restart                                Restart the SonicWALL.
restore                                Restore the factory default settings on the SonicWALL
synchronize-licenses                   Synchronizes the SonicWALL licensing information with
                                       the mysonicwall.com backend.
traceroute <IP address|Domain Name>    Displays router hops to destination.



Configure Level Commands

Command                                      Description
[no] arpt <IP address> <MAC address>         Add and remove arp entries for specified interface.
  interface <lan|wan|dmz> [perm] [pub]
end                                          Exit configuration menu.
help <command>                               Displays command and description.
interface <x1|x2|x3|x4|x5> [<lan|wan|dmz>]   Assigns a zone to an interface and then enters
                                             the configuration of the interface.
gms                                          Enter GMS configuration menu.

GMS Configuration
algorithm <des-md5|frd3-sha>                 Sets GMS encryption and authentication algorithm.
[no] authentication-key <hex key>            Sets the 32-hex or 40-hex authentication key
                                             to communicate with the GMS server.
[no] behind-nat                              Enables GMS behind a NAT device.
bound-interface <x1|x2|x3|x4|x5>             Bind a VPN policy to an interface.
[no] enable                                  Enables GMS management on a SonicWALL.
encryption-key <hex key>                     Sets the 16-hex/48-hex encryption key to
                                             communicate with the GMS server.
end                                          Exit configuration menu.
finished                                     Exit configuration mode to top menu.
help <command>                               Displays command and description.
info                                         Displays current GMS configuration state.
[no] nat-address <IP Address>                Sets the public NAT IP address that the GMS
                                             server resides behind.
[no] over-vpn                                Enable GMS server locally or over VPN.
[no] send-heartbeat                          Send heart beat status messages only.
[no] server <IP Address>                     Sets the real IP address of the GMS server.
[no] standby-management-sa                   Enable the backup SA for GMS management.
syslog-port <uvalue|(default)>               Sets the syslog server port of the GMS server.
help <command>                               Displays the command and description

LAN Interface Configuration

Command                                         Description
interface <x0|x1|x2|x3|x4|x5> [<lan|wan|dmz>]   Assigns zone and enters the configuration mode
                                                for the interface.
auto                                            Sets the interface to auto negotiate.
comment <string>                                Adds comment as part of the port configuration
duplex <full|half>                              Sets the interface duplex speed.
end                                             Exit the configuration mode.
finished                                        Exit configuration mode to the top menu.
help <command>                                  Displays the command and description.
info                                            Displays information about the interface.
mode lan                                        Enter the LAN configuration mode.
end                                             Exit configuration mode.
finished                                        Exit configuration mode to top menu level.
help <command>                                  Displays the command and description.
info                                            Displays information about the interface.
ip <IP Address> netmask <mask>                  Sets the IP address for the interface.
name <interface name>                           Sets the name for the interface.
speed <10|100>                                  Sets the interface speed.

WAN Interface Configuration

Command                                Description
auto                                   Sets the interface to autonegotiate.
bandwidth-management enable            Enables bandwidth management.
bandwidth-management size <uvalue>     Sets the bandwidth management size.
comment <string>                       Adds comment as part of the port configuration.
duplex <full|half>                     Sets the interface duplex speed.
end                                    Exit the configuration mode.
finished                               Exit configuration mode to the top menu.
fragment-packets                       Enable/disable fragmentation of packets larger than
                                       the interface MTU.
ignore-df-bit                          Enable/disable ignoring the don’t fragment bit.
help <command>                         Displays the command and description.
info                                   Displays information about the interface.
mode <static|dhcp|pptp|l2tp|pppoe>     Sets the mode for the WAN interface and enters the
                                       given mode configuration.

Mode Static WAN Interface Configuration
[no] dns <IP Address>                  Enters or removes IP address of DNS servers.
end                                    Exits configuration mode.
finished                               Exits configuration mode to top menu.
gateway <IP Address>                   Sets or removes default gateway for the interface.
help <command>                         Displays help for given command.
info                                   Displays IP information about the interface.
[no] ip <IP Address>                   Sets the IP address for the interface.

Mode DHCP WAN Interface Configuration
end                                    Exits configuration mode.
finished                               Exits configuration mode to top menu.
help <command>                         Displays help for given command.
info                                   Displays IP information about the interface.
[no] hostname <string>                 Sets the hostname for the interface.
release                                Releases IP address information.
renew                                  Renews IP address information.

Mode PPTP WAN Interface Configuration
[no] dynamic                           Sets the SonicWALL to obtain the IP address dynamically.
end                                    Exits configuration mode.
finished                               Exits configuration mode to top menu.
help <command>                         Displays help for given command.
[no] hostname <string>                 Clears/Sets PPTP hostname.
[no] inactivity                        Enables/disables the PPTP inactivity timer.
timeout <uvalue>                       Sets/Clears the PPTP inactivity timeout.
info                                   Displays IP information about the interface.
[no] ip <IP Address>                   Sets/Clears the IP address for the interface.
[no] password <quoted string>          Sets/Clears the PPTP password.
[no] server ip <IP Address>            Sets/Clears the PPTP server IP address.
start
stop
[no] username <string>                 Sets/Clears the PPTP username

Mode L2TP WAN Configuration
[no] dynamic                           Sets the SonicWALL to obtain the IP address dynamically.
end                                    Exits configuration mode.
finished                               Exits configuration mode to top menu.
help <command>                         Displays help for given command.
[no] hostname <string>                 Clears/Sets L2TP hostname.
[no] inactivity                        Enables/disables the L2TP inactivity timer.
timeout <uvalue>                       Sets/Clears the L2TP inactivity timeout.
info                                   Displays IP information about the interface.
[no] ip <IP Address>                   Sets/Clears the IP address for the interface.
[no] password <quoted string>          Sets/Clears the L2TP password.
[no] server ip <IP Address>            Sets/Clears the L2TP server IP address.
start
stop
[no] username <string>                 Sets/Clears the L2TP username.

mtu <uvalue>                           Sets the MTU of the interface.
name <interface name>                  Sets the name for the interface.
speed <10|100>                         Sets the interface speed.

Other Interface Configuration
auto                                   Sets the interface to autonegotiate.
comment <string>                       Adds a comment as part of the force configuration.
duplex <full|half>                     Sets the interface duplex speed.
end                                    Exits configuration mode.
finished                               Exits configuration mode to top menu.
help <command>                         Displays help for given command.
info                                   Displays IP information about the interface.
name <interface name>                  Sets the name for the interface.
speed <10|100>                         Sets the interface to autonegotiate.

[no] log categories [all]              Assigns/clears logging categories.

Log Category Information
[no] all                               Assigns/clears all logging categories.
[no] attack                            Assigns/clears attack logging category.
[no] blocked-code                      Assigns/clears blocked code logging category.
[no] blocked-sites                     Assigns/clears blocked sites logging category.
[no] connection                        Assigns/clears connection logging category.
[no] conn-traffic                      Assigns/clears conn traffic logging category.
[no] debug                             Assigns/clears debug logging category.
end                                    Exits configuration mode.
finished                               Exits configuration mode to top menu.
help <command>                         Displays help for given command.
[no] icmp                              Assigns/clears ICMP logging category.
info                                   Displays IP information about the interface.
[no] lan-icmp                          Assigns/clears LAN-ICMP logging category.
[no] lan-tcp                           Assigns/clears LAN-TCP logging category.
[no] lan-udp                           Assigns/clears LAN-UDP logging category.
[no] maintenance                       Assigns/clears maintenance logging category.
[no] mgmt-80211b                       Assigns/clears 80211b management logging category.
[no] modem-debug                       Assigns/clears modem debugging logging category.
[no] sys-env                           Assigns/clears sys env logging category.
[no] sys-err                           Assigns/clears sys error logging category.
[no] tcp                               Assigns/clears TCP logging category.
[no] udp                               Assigns/clears UDP logging category.
[no] user-activity                     Assign/clear user-activity logging category.
[no] vpn-stat                          Assigns/clears vpn-stat logging category.
[no] vpn-tunnel-status                 Assigns/clears vpn tunnel status logging category.

[no] log filter-time <uvalue>                   Assigns/clears log filter time.
log ordering <choices> [invert]                 Assign/clear ordering method when displaying
                                                log entries.
name <string>                                   Sets/clears the firewall name.
[no] route default <IP address>                 Assigns/clears default route.
[no] route <Destination> <Netmask> <Gateway>    Assigns/clears static routes.
  [metric <route metric>]
[no] web-management http enable                 Enables/disables HTTP web management.
  <x0 | x1 | x2 | x3 | x4 | x5>
web-management http port                        Assigns the HTTP web management port or
  <tcp port or ’default’>                       reset to default.
[no] web-management https enable                Enables/disables HTTPS web management.
  <x0 | x1 | x2 | x3 | x4 | x5>
web-management https port                       Assigns the HTTPS web management port or
  <tcp port or ’default’>                       resets to default.
web-management restore                          Restores default web-management port and
                                                interface assignments.
zone <wan|lan|dms>                              Enters the zone configuration menu.
end                                             Exits configuration mode.
finished                                        Exits configuration mode to top menu.
[no] intrazone-communications                   Enables/disables intra-zone communications.

SonicWALL OS Standard Commands
Show and Diag Commands (available at all levels)

Command                                Description
show memory                            Shows the system memory on the device.
show processes                         Shows procedure information.
show status                            Shows the current status of the device.
show tech-support                      Displays to the console the contents of the TSR.
show tsr <all | av | cfl | dhcpc |     Displays to the console the contents of the
  dhcprelay | dhcps | dhcpsstat |      TSR section named or all of the TSR.
  ethernet | ha | ip-helper |
  ipsec | l2tpclient | license |
  log | management | network |
  objects | policies | pppoe |
  pptpclient | radius | snmp |
  status | time | update | users |
  wlb>
show web-management                    Displays the web-management status and configuration.

Top Level Commands

Command                                Description
cls                                    Clears window, leaving a single prompt line.
exit                                   This command causes you to exit submenu, or if issued
                                       at the global level, returns you to the login prompt.
export preferences                     Exports the preferences file using the Z-modem.
export tsr                             Exports the tsr using the Z-modem.
help <command>                         Displays command and description.
import                                 Import preferences file using Z-modem.
logout                                 Logout from the console.
ping < IP address | Domain Name>       Sends ICMP packets to destination IP address.
restart                                Restarts the device.
restore                                Restore the device to factory defaults.
[no] web-management http enable        Enables/disables HTTP web management.
web-management http port               Assigns the HTTP web management port or reset to
  <tcp port or ’default’>              default.
[no] web-management https enable       Enables/disables HTTPS web management.
web-management https port              Assigns the HTTPS web management port or resets to
  <tcp port or ’default’>              default.
web-management restore                 Restores default web-management port and interface
                                       assignments.

SonicWALL, Inc.
1143 Borregas Avenue, Sunnyvale, CA 94089-1306
T: 408.745.9600  F: 408.745.9300  www.sonicwall.com

© 2002 SonicWALL, Inc. SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be
trademarks and/or registered trademarks of their respective companies. Specifications and descriptions subject to change without notice.

P/N 232-000549-00
Rev A 04/04
