D-Link NetDefendOS User Manual page 57

Checking Configuration Integrity
After changing a NetDefendOS configuration and before issuing the activate and commit
commands, it is possible to explicitly check for any problems in a configuration using the
command:
gw-world:/> show -errors
This will cause NetDefendOS to scan the configuration about to be activated and list any
problems. A possible problem that might be found in this way is a reference to an IP object in the
address book that does not exist in a restored configuration backup.
Logging off from the CLI
After finishing working with the CLI, it is recommended to logout in order to avoid letting
anyone getting unauthorized access to the system. Log off by using the exit or the logout
command.
Configuring Remote Management Access on an Interface
Remote management access may need to be configured through the CLI. Suppose management
access is to be through Ethernet interface If2 which has an IP address 10.8.1.34.
Firstly, we set the values for the IPv4 address objects for If2 which already exist in the
NetDefendOS address book, starting with the interface IP:
gw-world:/> set Address IP4Address InterfaceAddresses/If2_ip
The network IP address for the interface must also be set to the appropriate value:
gw-world:/> set Address IP4Address InterfaceAddresses/If2_net
In this example, local IP addresses are used for illustration but these could be public IPv4
addresses instead. It is also assumed that the default address objects for the configuration are
stored in an address book folder called InterfaceAddresses.
Next, create a remote HTTP management access object, in this example called HTTP_If2:
gw-world:/> add RemoteManagement RemoteMgmtHTTP HTTP_If2
If we now activate and commit the new configuration, remote management access via the IPv4
address 10.8.1.34 is now possible using a web browser. If SSH management access is required
then a RemoteMgmtSSH object should be added.
The assumption made with the above commands is that an all-nets route exists to the ISP's
gateway. In other words, Internet access has been enabled for the NetDefend Firewall.
Managing Management Sessions with sessionmanager
The CLI provides a command called sessionmanager for managing management sessions
themselves. The command can be used to manage all types of management sessions, including:
Chapter 2: Management and Maintenance
Address=10.8.1.34
Address=10.8.1.0/24
Interface=If2
Network=all-nets
LocalUserDatabase=AdminUsers
AccessLevel=Admin
HTTP=Yes
57