D-Link DFL-1660 User Manual page 44

2.1.4. The CLI
connections or VPN tunnels. However, with some IPsec tunnel changes, a reconfiguration will mean
the tunnels are lost and have to be reestablished because the tunnel SAs are no longer valid.
Checking Configuration Integrity
After changing a NetDefendOS configuration and before issuing the activate and commit
commands, it is possible to explicitly check for any problems in a configuration using the command:
gw-world:/> show -errors
This will cause NetDefendOS to scan the configuration about to be activated and list any problems.
A possible problem that might be found in this way is a reference to an IP object in the address book
that does not exist in a restored configuration backup.
Logging off from the CLI
After finishing working with the CLI, it is recommended to logout in order to avoid letting anyone
getting unauthorized access to the system. Log off by using the exit or the logout command.
Configuring Remote Management Access on an Interface
Remote management access may need to be configured through the CLI. Suppose management
access is to be through Ethernet interface if2 which has an IP address 10.8.1.34.
Firstly, we set the values for the IPv4 address objects for if2 which already exist in the
NetDefendOS address book, starting with the interface IP:
gw-world:/> set Address IP4Address if2_ip Address=10.8.1.34
The network IP address for the interface must also be set to the appropriate value:
gw-world:/> set Address IP4Address if2_net Address=10.8.1.0/24
In this example, local IP addresses are used for illustration but these could be public IPv4 addresses
instead.
Next, create a remote HTTP management access object, in this example called HTTP_if2:
gw-world:/> add RemoteManagement RemoteMgmtHTTP HTTP_if2
If we now activate and commit the new configuration, remote management access via the IPv4
address 10.8.1.34 is now possible using a web browser. If SSH management access is required then
a RemoteMgmtSSH object should be added.
The assumption made with the above commands is that an all-nets route exists to the ISP's gateway.
In other words, Internet access has been enabled for the NetDefend Firewall.
Managing Management Sessions with sessionmanager
The CLI provides a command called sessionmanager for managing management sessions
themselves. The command can be used to manage all types of management sessions, including:
Chapter 2. Management and Maintenance
Interface=if2
Network=all-nets
LocalUserDatabase=AdminUsers
AccessLevel=Admin
HTTP=Yes
44