CLI Guide - WatchGuard Technologies
WatchGuard Command Line Interface Guide (WatchGuard Vclass 5.1)
CHAPTER 3: Configuration Mode Commands
Second level configuration mode commands

Effect
Records a new IPSec action (manual key or automatic key), including one or more proposals which have been created beforehand.

Arguments

Type a unique name for this action.

This argument determines whether this action is tunnel mode or transport mode.

If you enter tunnel mode, you must then qualify it with one of the following: (1) enter "*" to indicate ANY source, (2) enter a specific peer appliance’s IP address, or (3) enter the name of an address group containing the peer IP address.

-auto_key
Enter this argument if this action uses an automatic key. Do not use the “manual_key” argument if using an automatic key. The following two arguments further qualify this automatic key exchange.

[no] pfs_group
If this action uses an automatic key, use this argument to specify which perfect forward secrecy (PFS) option (Diffie-Hellman Group 1 or 2) will be used. If none is used, you can preface this argument with “no”.

[…]
If this action uses an automatic key, use this argument to enter the IKE proposal names (one or more).

-manual_key
Enter this argument if this action employs a manual key. (If doing so, do not use the “auto_key” argument.) The following ten arguments (grouped around ESP and AH algorithms) qualify this manual key exchange.

-esp
Enter this argument if this action employs the ESP protocol for the manual key.

Use this argument to enter a unique number that represents the SPI of this appliance. The number should be between 256 and 65535.

Use this argument to enter a different, unique number that represents the SPI of the peer security appliance. The number should be between 256 and 65535.

Use this argument to pick either the DES or the 3DES encryption algorithm.

This argument contains the actual manual key text, in ASCII or hexadecimal notation.

-ah
Enter this argument if this action employs the AH protocol for the manual key.

Use this argument to enter a unique number that represents the SPI of this appliance. The number should be between 256 and 65535.

Use this argument to enter a different, unique number that represents the SPI of the peer security
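The argument rules above (tunnel peer qualifier, automatic versus manual key, PFS group, SPI range and uniqueness, ESP algorithm) can be checked before an action is typed into the appliance. The following is an added example, not code from the WatchGuard guide: the dictionary keys, the `check_ipsec_action` function and the sample values are hypothetical and do not reproduce the appliance's command syntax.

```python
import ipaddress
SPI_MIN, SPI_MAX = 256, 65535  # SPI range stated in the guide

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def _check_spis(label, sa, problems):
    local, peer = sa.get("local_spi"), sa.get("peer_spi")
    for side, spi in (("local", local), ("peer", peer)):
        if not isinstance(spi, int) or not SPI_MIN <= spi <= SPI_MAX:
            problems.append(f"{label}: {side} SPI must be {SPI_MIN}-{SPI_MAX}")
    if isinstance(local, int) and local == peer:
        problems.append(f"{label}: local and peer SPI must differ")

def check_ipsec_action(action, address_groups=(), ike_proposals=()):
    """Check one IPSec action; dict keys are hypothetical, not appliance syntax."""
    problems = []
    mode, peer = action.get("mode"), action.get("peer")
    if mode not in ("tunnel", "transport"):
        problems.append("mode must be tunnel or transport")
    elif mode == "tunnel" and not (
            peer == "*" or _is_ip(str(peer)) or peer in address_groups):
        problems.append("tunnel peer must be '*', an IP, or a known address group")
    auto, manual = action.get("auto_key"), action.get("manual_key")
    if (auto is None) == (manual is None):
        problems.append("use exactly one of auto_key or manual_key")
    if auto is not None:
        if auto.get("pfs_group") not in (None, 1, 2):
            problems.append("pfs_group must be 1, 2, or omitted")
        names = auto.get("proposals") or []
        if not names or any(n not in ike_proposals for n in names):
            problems.append("auto_key needs one or more existing IKE proposals")
    for label, sa in (manual or {}).items():  # "esp" and/or "ah" sections
        _check_spis(label, sa, problems)
        if label == "esp" and sa.get("encryption") not in ("DES", "3DES"):
            problems.append("esp: encryption must be DES or 3DES")
    return problems

# Constructed sample actions (names, address and SPIs are made up).
GOOD = {"mode": "tunnel", "peer": "192.0.2.10",
        "auto_key": {"pfs_group": 2, "proposals": ["ike_main"]}}
BAD = {"mode": "tunnel", "peer": "branch_office",
       "auto_key": {"pfs_group": 5, "proposals": []},
       "manual_key": {"esp": {"local_spi": 300, "peer_spi": 300,
                              "encryption": "AES"}}}
```

Calling `check_ipsec_action(BAD, ike_proposals={"ike_main"})` returns one message per violated rule, and an empty list means the action satisfies every rule listed in this section.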