Managing Kaspersky NGFW using the command line

This document lists commands that you can use to manage Kaspersky NGFW on the command line.

Typographic conventions

The following typographic conventions apply to descriptions of commands and arguments:

Information that must be provided by the user is enclosed in angle brackets <>. Example: <description>.
Possible options from which the user must choose are enclosed in parentheses () and separated by vertical bars |. Example: (on|off).
Optional arguments are enclosed in square brackets []. Example: [no].

Applying changes

Configuration changes made on the command line are first saved in the candidate configuration.

To save changes in the running configuration, run the commit command.

To roll back the changes, use the rollback command.

Commands

bfd – a family of commands for configuring the Bidirectional Forwarding Detection (BFD) protocol

bgp – a family of commands for configuring the Border Gateway Protocol (hereinafter BGP)

bond - a family of commands for configuring and viewing aggregated interfaces

bridge - a family of commands for configuring L2 bridges

config - a family of commands for managing the configuration

counters - a family of commands for viewing event counters

decrypt - a family of commands for configuring traffic decryption rules

dhcp-relay – a family of commands for configuring DHCP relay servers

domain-object – a family of commands for configuring objects that are collections of domain names

dpi – a family of commands for managing the DPI subsystem

explicit-proxy – a family of commands for configuring the HTTP proxy server of NGFW

failover - a family of commands for configuring a high-availability cluster

health - a command that displays the status of system components

interface – a family of commands for configuring and viewing interfaces

ip-reassembly – a family of commands for configuring the processing of fragmented IP packets

ip route – a family of commands for configuring IP routes

knbe-agent – a family of commands for managing the agent responsible for synchronizing with the orchestrator

ksc-server – a family of commands for configuring the Open Single Management Platform (OSMP) connection

ksn – a family of commands for configuring Kaspersky Security Network (KSN)

licensing – a family of commands for managing the license

log – a family of commands for managing the logging system

mf – a family of commands for configuring traffic filtering by MAC address

nat – a family of commands for configuring NAT/NAPT translation rules

object – a family of commands for configuring network objects

ospf – a family of commands for configuring the OSPF protocol

pcapdump – a family of commands for configuring, starting, stopping, and viewing the results of capturing local packets passing through Kaspersky NGFW

pf session – a family of commands for displaying and clearing the table of sessions

pf – a family of commands for configuring security rules

proxy – a family of commands for configuring the proxy server connection

quit - a command for exiting the command line

routing – a family of commands for configuring routing filters

security-events-toggle – a family of commands for configuring security event logging

security – a family of commands for configuring scanning and analysis of the contents of network traffic

send-net-unreachable – a family of commands for configuring the sending of an ICMP message if the route for the incoming packet is unknown

service – a family of commands for configuring services

snmp – a family of commands for configuring SNMP monitoring

software-updater – a family of commands for the firmware update task

stat – a family of commands for configuring and viewing interface statistics settings

system - a family of system commands

tech-support-info - command for gathering technical information on a Kaspersky NGFW device for Technical Support in case of an incident

timeouts – a family of commands for configuring the session closing timeout for various network protocols

tls – a family of commands for managing the TLS/SSL encryption protocols

updater – a family of commands for the database update task

user-awareness – a family of commands for configuring the User awareness functionality

utils – a family of commands for running utilities

vrf – a family of commands for configuring virtual routers (VRF-Lite)

zone – a family of commands for configuring and viewing data plane zones

| Home | Next |