Updating zserver dyndns
This document details all the Stormshield Network CLI / Serverd commands of the IPS-Firewall for the release 1.3.0 These commands can be executed in the CLI console module in web administration - or with an administration client connected port 1300 (NSRPC).
These commands can be used from version 1.3.0 of Stormshield Network firmware.
To check their validity in earlier versions, please refer to the History category of the description of these commands.
Used in SRP authentication Impersonate id is specific for the service that perform the authentication with IHM web.
In this case the service use a specific administrator id and must specifiy the real administrator id as impersonate id [Config] State : Antivirus status Selected : Selected antivirus Name : Antivirus name [Base] Date : Date of the antiviral database [Object] Scan Archives_Capa : scanarchives capacity Scan Archives : extracting engine status Scan Packed_Capa : scanpacked capacity Scan Packed : unpacking engine status Block Encrypted_Capa : blockencrypted capacity Block Encrypted : block encrypted files Block Unsupported_Capa : blockunsupported capacity Block Unsupported : block unsupported formats Heuristic Analysis_Capa : heuristicanalysis capacity Heuristic Analysis : heuristic analysisanonymised Appears in 6.0.0 realbind Appears in 6.0.0 userpriority Appears in 6.1.0 http deprecated on 6.1.0 Upd Pwd deprecated on 6.1.0 level changes from other,modify to user,modify in 9.0.0 continueonerror appears in 9.1.0 userpriority deprecated in 9.1.0 httpport appears in 1.0.0 httpsport appears in 1.0.0 anonymised : show/don't show the logo in authentication page realbind : real ldap authentication usedns : redirection in authentication use certificate name and DNS resolve continueonerror : If an error was rise during authentication process, try the next one httpport : http port for authentification httpsport : https port for authentification Configure the authentication agent.
Rise an error if state will be activated but no agent ip/password or controller are defined.
The domain Name parameter setup an optional filter on received logon events.
If domain is given, only users on this domain are logged in Those values are also used by the SSL VPN. certificate : private key and certificate used by server for SSL ca_custom : ca certificate sent to client and 'ca_verify' used to trust client certificate.
(15 minutes to 1 year) autocomp : enable autocompletion by the browser Second User : Kick previous logged user or reject new user VPNSSLMultiuser : Promote IP to multiuser if SSLVPN access can be made 101 code=00a01000 msg="Begin"  name="Internal" lastmod="2006-04-05 "  name="External" lastmod="2006-04-05 "  name="default02" lastmod="2006-01-03 "  name="default03" lastmod="2006-01-03 " 100 code=00a00100 msg="Ok"Appears in 6.1.0 option srp for default Appears in 6.2.3 option plain for default Appears in 6.2.3 option default removed in 9.0.0 level changes from other,modify to user,modify in 9.0.0 command removed in 9.1.0 config index : if not specified, default value is 0 updpwd : update password pwdexpire : password validity in days Change period combo in the authentication web page When not defined transparent authentication methods use maxtime [config] state : auth daemon state Http State : activate http daemon Enrol Form Type : enrolment form (none, user, pki) Enrol Form Mail : using mail to report new enrolment requests updpwd : update password Use Cookie : authentication cookies state Pswd Expire : duration for password expiration min : Minimum authentication period max : Minimum authentication period ssotime : Authentication period for transparent methods (spnego and ssl) proxyredirect : method to redirect in transparent proxy mode Seconduser : What to do when a second user come from a single user IP.VPNSSLMultiuser : Auto-promote IP to multiuser is sslvpn can be used[config] anonymised : show/don't show the logo in authentication page Ssl Certificate : refer key/certificate entry on 'key' file realbind : real ldap authentication usedns : redirection in authentication use certificate name and DNS resolve internal : internal interfaces configuration external : external interfaces configuration [CAVerify List] Number=0 [radius] state : status of this method host : radius server hostname port : radius port bhost : radius backup server hostname bport : radius backup port [ssl] state : status of this method Certificate Identifier : field in certificate to match Ldap Identifier : field in LDAP to match [kerberos] state : status of this method domain : Kerberos realm (domain) name pkdc_host : Primary KDC host adress pkdc_port : Primary KDC port (default 88) bkdc_host : Backup KDC host adress bkdc_port : Backup KDC port (default 88) [spnego] state : status of this method domain : Windows domain name principal : Service Principal name [agent] State : activate or not the agent Mscontroler : object name of the Microsoft domain controler Msbackup Controler : object name of the second Microsoft domain controler Directory : name of the ldap directory to use Max Logon Time : maximum time in second of the authentication Probe : activate or not the user logout probing Probe Method : comma separated list of probing methods (arp, icmp, nbstat, registery, ...) Probe Timeout : maximum time in second for no responding stations Bind Addr : the ip of the source connection Bind Port : the port of the source connection Agent Addr : the agent ip address Agent Port : the port of the agent Backup Addr : the ip of the backup agent Backup Port : the port of the backup agent Domain Name : the filter to be applied on logon event [guest] state : activate or not the guest method Logon Time : Time in seconds for re-authentication Disclaimertime : Time in seconds for disclaimer revalidation] - period : time unit (s,m,h,d,w); - distantbackup : localbackup only (0), cloud netasq (1), custom server (2); - protocol : protocol used (http,https); - mode : webdav mode with authentication (basic,digest) or post request; - controlname : name also used with html form (only with post mode); - authusername : authentication username (only with basic and digest webdav modes); - authpassword : authentication password (only with basic and digest webdav modes); - path : path on the server; - servercertificate : server certificate reference; - clientcertificate : client certificate.Appears in 6.0.0 state Appears in 6.1.0 update Appears in 6.1.0 secure Appears in 6.1.5 update options Kaspersky, Clamav, URLFiltering, Antispam-Vaderetro Appears in 6.2.0 start Appears in 7.0.0 update option Pvm Appears in 7.0.0 start Appears in 7.0.0 level changes from modify,other to modify,maintenance in 9.0.0 update option Root Certificates Appears in 9.1.0 Dump the autoupdate config.The Run token represents the state of the last update (0=never started ; 1=up to date ; 2=failed ; 3=running ; 4=not available) and can be obtained by MONITOR AUTOUPDATE too.The update begins at 'start' time and will be repeated after each 'period'.
level maintenance Appears in 6.0.0 level other deprecated in 6.0.0 option global for list Appears in 6.0.0 option urlgroup for list Appears in 6.0.2 option pattern for list Appears in 6.0.2 usb Appears in 6.1.0 option secure for list Appears in 6.2.0 option autoupdate for list Appears in 6.2.0 option proxies for list Appears in 6.2.0 option services for list Appears in 6.2.0 format appears in 9.0.0 Make an archive encrypted with generic key or given password.