1 Reply Latest reply on Feb 9, 2016 12:15 PM by thyvarin

    CLI Commands for Nodes on a NGFW

    cpremo

      Where can I get a document with most of the CLI Commands for the NGFW Nodes?

       

      I'm trying to determine the MAC address of each of the nodes and can't seem to find that informaiton in the GUI and can't find the CLI commands to do the same.

        • 1. Re: CLI Commands for Nodes on a NGFW
          thyvarin

          Hi,

           

          Product documentation has list of our own (SG) commands, and those can be found from e.g. 5.10 online help:

          http://help.stonesoft.com/onlinehelp/StoneGate/SMC/5.10.0/GUID-929999E8-02CC-4C1 2-87E9-D3647F108DA6.html

           

          Here's also one KB article that lists some commands you might use during troubleshooting:

          https://kc.mcafee.com/corporate/index?page=content&id=KB84201&actp=null&viewloca le=en_US&showDraft=false&platinum_status=false&locale=en_US

           

          As NGFW runs on the linux OS the rest of the commands are regular linux/unix commands. Some of them are implemented via busybox like ifconfig:

           

          root@fw-sg-5-10-2:~# busybox ifconfig

          eth0      Link encap:Ethernet  HWaddr 00:50:56:00:01:01

                    inet addr:10.20.8.125  Bcast:10.20.15.255  Mask:255.255.248.0

                    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          ***CLIP***

           

          To see all the commands that are available via busybox, run "busybox" command.

           

          As for your specific question, you can use e.g. ifconfig and ip commands:

           

          # ip address

          # ip link

          # busybox ifconfig

           

          All these commands will show the MAC address used by NGFW interfaces. Note that in NGFW cluster when using the default (and recommended) dispatch clustering, one of the nodes (dispatcher) will use the CVI MAC address that you defined in the SMC GUI. Dispatcher is selected dynamically on per interface basis so in active-active cluster you could see one node being dispatcher (using CVI MAC) for some interfaces, while the other node is dispatcher for the rest of the interfaces.

           

          Best regards,

          Tero