CLI Guide - WatchGuard Technologies
CLI Guide - WatchGuard Technologies CLI Guide - WatchGuard Technologies
CHAPTER 3: Configuration Mode Commands password contains the pound (#) character, it needs to be placed in double quotes. [ This allows you to set PPPoE to Dial-on-Demand or Always On mode. The function of following this option differs in each mode. For Dial-on- Demand mode, this number indicates the inactivity timeout interval in minutes (default is 20 minutes). For Always On mode, this number indicates the auto-reconnect interval in seconds (default is 60 seconds). [-unnumbered_pppoe |disable]] This option allows you to use unnumbered PPPoE. For more information on unnumbered links, see RFC 1812 section 2.2.7. [backup [ip mask gateway ] | [dhcp [host_id] ] | [pppoe -user "name" -password "password"] [unnumbered_pppoe |disable] [disable] [switch_to_backup] This allows you to enable a Backup WAN connection for Interface 1, for systems that have unreliable ISPs or network providers. You can configure the failover connection as static, by typing the IP address, netmask, and gateway. You can configure the failover connection as DHCP using the [dhcp ["host_id"]] syntax. You can configure the interface as PPPoE (always on) using the [pppoe -user "name" -password "password"] syntax. You can configure the backup WAN connection as unnumbered PPPoE using the syntax [unnumbered_pppoe |disable]. You can disable the backup connection by using the option [disable]. 88 WatchGuard Vclass 5.1
Second level configuration mode commands You can switch to the backup connection using the command switch_to_backup. [tracking -remove|-add -interval -timeout -pause_before_failback ] ] For systems that configure a Backup WAN connection using the failover command, these settings must be specified. You can add up to three IP addresses that are used to determine WAN failure. These addresses are used with the -interval and -timeout values to determine when the WAN connection has failed. -interval determines the amount of time that elapses between attempts to ping all three specified tracking addresses. -timeout determines the amount of time that can elapse before a ping attempt is considered failed. All three specified IP addresses must fail to respond to the ping attempt within the specified time to consider the WAN connection failed. In the event of failure, the WAN is switched over to the backup connection. This causes a brief interruption in processing while the system restarts. In order to prevent frequent restarts, the final parameter, -pause_before_failback, is provided. This allows you to specify the amount of time that must elapse between failovers. WatchGuard Command Line Interface Guide 89
- Page 51 and 52: Administration mode commands Proces
- Page 53 and 54: Administration mode commands Shuts
- Page 55 and 56: CHAPTER 3 Configuration Mode Comman
- Page 57 and 58: abort command Top-level configurati
- Page 59 and 60: certificate command Top-level confi
- Page 61 and 62: Top-level configuration mode comman
- Page 63 and 64: interface command Top-level configu
- Page 65 and 66: Arguments None Example WG#config WG
- Page 67 and 68: [no] traffic command (log level) WG
- Page 69 and 70: Top-level configuration mode comman
- Page 71 and 72: Top-level configuration mode comman
- Page 73 and 74: Top-level configuration mode comman
- Page 75 and 76: as command Top-level configuration
- Page 77 and 78: Top-level configuration mode comman
- Page 79 and 80: Top-level configuration mode comman
- Page 81 and 82: Second level configuration mode com
- Page 83 and 84: Second level configuration mode com
- Page 85 and 86: Second level configuration mode com
- Page 87 and 88: Example Second level configuration
- Page 89 and 90: Second level configuration mode com
- Page 91 and 92: Second level configuration mode com
- Page 93 and 94: Second level configuration mode com
- Page 95 and 96: Second level configuration mode com
- Page 97 and 98: Second level configuration mode com
- Page 99 and 100: Second level configuration mode com
- Page 101: Second level configuration mode com
- Page 105 and 106: Arguments Second level configurati
- Page 107 and 108: Second level configuration mode com
- Page 109 and 110: Second level configuration mode com
- Page 111 and 112: Second level configuration mode com
- Page 113 and 114: Second level configuration mode com
- Page 115 and 116: Second level configuration mode com
- Page 117 and 118: Second level configuration mode com
- Page 119 and 120: Second level configuration mode com
- Page 121 and 122: Second level configuration mode com
- Page 123 and 124: Second level configuration mode com
- Page 125 and 126: Second level configuration mode com
- Page 127 and 128: Second level configuration mode com
- Page 129 and 130: Second level configuration mode com
- Page 131 and 132: Second level configuration mode com
- Page 133 and 134: Second level configuration mode com
- Page 135 and 136: Second level configuration mode com
- Page 137 and 138: Level 3 configuration mode commands
- Page 139 and 140: Level 3 configuration mode commands
- Page 141 and 142: CHAPTER 4 Debug Mode Commands All W
- Page 143 and 144: arp command Debugging/troubleshooti
- Page 145 and 146: Debugging/troubleshooting commands
- Page 147 and 148: - images/rs_sublogo.gif Debugging/t
- Page 149 and 150: pppoe_config command Debugging/trou
- Page 151 and 152: Debugging/troubleshooting commands
Second level configuration mode commands<br />
You can switch to the backup connection using the<br />
command switch_to_backup.<br />
[tracking -remove|-add <br />
-interval <br />
-timeout <br />
-pause_before_failback<br />
] ]<br />
For systems that configure a Backup WAN<br />
connection using the failover command, these<br />
settings must be specified. You can add up to three<br />
IP addresses that are used to determine WAN<br />
failure. These addresses are used with the<br />
-interval and -timeout values to determine<br />
when the WAN connection has failed.<br />
-interval determines the amount of time that<br />
elapses between attempts to ping all three specified<br />
tracking addresses. -timeout determines the<br />
amount of time that can elapse before a ping<br />
attempt is considered failed. All three specified IP<br />
addresses must fail to respond to the ping attempt<br />
within the specified time to consider the WAN<br />
connection failed.<br />
In the event of failure, the WAN is switched over to<br />
the backup connection. This causes a brief<br />
interruption in processing while the system<br />
restarts. In order to prevent frequent restarts, the<br />
final parameter, -pause_before_failback, is<br />
provided. This allows you to specify the amount of<br />
time that must elapse between failovers.<br />
<strong>WatchGuard</strong> Command Line Interface <strong>Guide</strong> 89