interface <name>Go to the configuration menu of the interface with name <name>. Examples of interface names: port2, port3, port4, port5.
interface <name>.<vlan-id>Create subinterface and go to its configuration menu. Subinterfaces can be created for physical interfaces as well as aggregated interfaces. <vlan-id> must fall in the range from 1 to 4094 and be unique within the main (parent) interface.
interface=['name']> upBring up data plane interface.
interface=['name']> downPut down data plane interface.
interface=['name']> ip <ip-address>Set the IP address on interface.
Note: It is not possible to set an IP address on an interface that has subinterfaces.
Example: interface=['port2'] > ip 10.0.0.1/24
interface=['name']> no ip <ip-address>Remove the IP address on interface.
Example: interface=['port2'] > no ip 10.0.0.1/24
interface=['name']> [no] allowed-protocols (icmp|snmp|ssh)Allow (or deny, if no) the passage of inbound traffic for the specified protocol on the interface. Note: for each of the protocols, inbound traffic is denied if the IP address setting mode for this interface is set to none.
Example: interface=['port2'] > allowed-protocols ssh
interface=['name']> [no] allowed-protocols allowed-subnet <ip-address>Add (or remove, if no) an IP address with a subnet mask from which inbound traffic to NGFW is allowed. The list of IP addresses is applied to all allowed protocols (icmp, snmp, ssh). If not specified, the subnet defaults to 32. Note: this list is cleared when the IP address setting mode for this interface is set to none.
Example: interface=['port2'] > allowed-protocols allowed-subnet 10.0.0.1/24
interface=['name']> [no] failover passive <ip-address>Set (or remove, if no) the interface address that will be used when the node has the passive role in the high-availability cluster.
interface=['name']>[no] failover keepalivesEnable (or disable, if no) the sending of keep-alive packets for the high-availability cluster on the interface.
interface=['name']>[no] failover monitorEnable (or disable, if no) the monitoring of interface status (up/down) for the purposes of the role switching algorithm in the cluster.
interface=['name']> primary <ip-address>Set an existing existing IP address as the priority address (that is, put it at the top of the list). The address must first be added (with the ip command) and saved (with the commit command). The mask is optional.
Example: interface=['port2'] > primary 10.0.0.1
interface=['name']> mtu <bytes>Set maximum transmission unit (MTU) for the interface.
Example: interface=['port2']> mtu 1400
interface=['name']> description <description>Set a description for the interface.
Example: interface=['port2']> description my_description
interface=['name']> no descriptionSet interface description.
Example: interface=['port2']> no description
interface=['name']> mac <MAC>Set interface MAC address in the XX:XX:XX:XX:XX:XX format.
Example: interface=['port2']> mac 12:34:56:78:9A:BC
interface=['name']> no macRemove interface MAC address.
interface=['name']> zone <name>Add interface to zone with name <name>. Zone with name <name> must first be created.
interface=['name']> no zoneRemove interface from the previously assigned zone. If no zone has been assigned, nothing happens.
interface=['name']> controlGo to the menu for selecting the control subsystem of the interface.
interface=['name']> control> dataplane-interfaceTransfer control of the interface to the data plane subsystem.
interface=['name']> control> no dataplane-interfaceTransfer control of the interface to the Linux network subsystem.
interface=['name']> control> syncMake the interface a sync interface and a participant in the cluster.
interface=['name']> control> no syncMake the interface a non-sync interface and take it out of the cluster.
interface=['name']> control> workers {intervals}Assign worker threads to the interface. Here intervals is a set of intervals in the following format: {First1}-{Last1},{First2}-{Last2}. For example: 2-3,5-6,9-11
interface=['name']> control> link-speed (auto|10M|100M|1G|2.5G|5G|10G|25G|40G|100G)Set a fixed speed in Mbps or Gbps for the physical interface, or auto for auto-negotiation. Only the values supported by the physical interface are available. Auto-negotiation is always available.
interface=['name']> dns-listGo to the DNS server address configuration menu.
Note: DNS server addresses can be configured only from interfaces managed by the Linux network subsystem.
interface=['name']> dns-list> add <ip-address>Add a DNS server with the specified IP address.
interface=['name']> dns-list> remove <ip-address>Remove the DNS server with the specified IP address.
interface=['name']> dns-list> clearRemove all DNS servers.
interface=['name']> vrf <name>Add interface to a virtual router (Virtual Routing and Forwarding, VRF).
interface=['name']> no vrfAdd interface to default VRF.
interface=['name']> use-dhcp-dnsGet DNS server addresses via DHCP. Enabled by default.
interface=['name']> no use-dhcp-dnsDo not get DNS server addresses via DHCP.
interface=['name']> protocol (none|staticIpv4|dhcp)Set the way the IP address is set for the interface. By default, staticIpv4. Depending on the way the IP address is set, you may not be able to modify or display some interface settings.
IMPORTANT: If the interface is set to staticIpv4 and one or more IP addresses are set, then before changing this setting to dhcp or none, you must delete all IP addresses from the interface.
Example: interface=['port2'] > protocol none
interface=['name']> exitExit the interface settings menu.
show interfaces allShow information about all interfaces.
Example:
ngfw> show interfaces all
{
"ngfw-interfaces:interfaces": {
"interface": [
{
"alias": "port1",
"dataplane-config": {
"pci-address": "0000:00:03.0",
"workers": [
{
"first": 0,
"last": 0
}
],
"num-rx-queues": 0,
"num-tx-queues": 0,
"symmetric-hash": "default"
},
"portDetails": {
"linkSpeed": "auto"
},
"isManagement": false,
"isDedicatedPort": true,
"allowedProtocols": {
"ssh": true,
"icmp": true,
"snmp": true
},
"isSync": false,
"description": "",
"if-index": 2,
"interfaceType": "port",
"operStatus": "up",
"adminStatus": "up",
"mtu": 1500,
"mac": "52:54:00:12:34:56",
"ipAddressList": [
"192.168.7.1/24"
],
"protocol": "staticIpv4",
"ngfw-interface-stat:statistics": {
"rx": {
"total-packets": "3",
"total-bytes": "1244",
"multicast-packets": "0",
"error-packets": "0"
},
"tx": {
"total-packets": "4",
"total-bytes": "995",
"error-packets": "0"
},
"total-dropped-packets": "0"
}
},
{
"alias": "port2",
"dataplane-config": {
"pci-address": "0000:00:04.0",
"workers": [
{
"first": 0,
"last": 0
}
],
"num-rx-queues": 1,
"num-tx-queues": 0,
"supported-link-speeds": [
0
],
"symmetric-hash": "default"
},
"portDetails": {
"linkSpeed": "auto"
},
"isManagement": false,
"isDedicatedPort": false,
"allowedProtocols": {
"ssh": false,
"icmp": false,
"snmp": false
},
"isSync": false,
"description": "",
"if-index": 1,
"interfaceType": "port",
"operStatus": "down",
"adminStatus": "down",
"speed": 0,
"duplex": "full",
"mtu": 1500,
"mac": "52:54:00:12:34:57",
"protocol": "none",
"ngfw-interface-stat:statistics": {
"rx": {
"total-packets": "0",
"total-bytes": "0",
"unicast-packets": "0",
"unicast-bytes": "0",
"multicast-packets": "0",
"multicast-bytes": "0",
"broadcast-packets": "0",
"broadcast-bytes": "0",
"error-packets": "0",
"rate": {
"bits-sec": "0",
"packets-sec": "0"
}
},
"tx": {
"total-packets": "0",
"total-bytes": "0",
"unicast-packets": "0",
"unicast-bytes": "0",
"multicast-packets": "0",
"multicast-bytes": "0",
"broadcast-packets": "0",
"broadcast-bytes": "0",
"error-packets": "0",
"rate": {
"bits-sec": "0",
"packets-sec": "0"
}
},
"total-dropped-packets": "0"
}
}
]
}
}
show interfaces name <name>Show information about interface with name <name>.
Example:
ngfw> show interfaces name port4
{
"ngfw-interfaces:interfaces": {
"interface": [
{
"alias": "port4",
"dataplane-config": {
"pci-address": "0000:00:06.0",
"workers": [
{
"first": 0,
"last": 0
}
],
"num-rx-queues": 1,
"num-tx-queues": 0,
"supported-link-speeds": [
0
],
"symmetric-hash": "default"
},
"portDetails": {
"linkSpeed": "auto"
},
"isManagement": false,
"isDedicatedPort": false,
"allowedProtocols": {
"ssh": false,
"icmp": false,
"snmp": false
},
"isSync": false,
"description": "",
"if-index": 3,
"interfaceType": "port",
"operStatus": "down",
"adminStatus": "down",
"speed": 0,
"duplex": "full",
"mtu": 1500,
"mac": "52:54:00:12:34:59",
"zone-id": "00000000-0000-4000-0000-000000000001",
"protocol": "none",
"ngfw-interface-stat:statistics": {
"rx": {
"total-packets": "0",
"total-bytes": "0",
"unicast-packets": "0",
"unicast-bytes": "0",
"multicast-packets": "0",
"multicast-bytes": "0",
"broadcast-packets": "0",
"broadcast-bytes": "0",
"error-packets": "0",
"rate": {
"bits-sec": "0",
"packets-sec": "0"
}
},
"tx": {
"total-packets": "0",
"total-bytes": "0",
"unicast-packets": "0",
"unicast-bytes": "0",
"multicast-packets": "0",
"multicast-bytes": "0",
"broadcast-packets": "0",
"broadcast-bytes": "0",
"error-packets": "0",
"rate": {
"bits-sec": "0",
"packets-sec": "0"
}
},
"total-dropped-packets": "0"
},
"ngfw-zone-info:zone_info": {
"id": "00000000-0000-4000-0000-000000000001",
"name": "Trusted",
"type": "L3"
}
}
]
}
}
show interfaces index <if-index>Show information about interface <if-index> in the data plane subsystem.
Example:
ngfw> show interfaces index 1
{
"ngfw-interfaces:interfaces": {
"interface": [
{
"alias": "port2",
"dataplane-config": {
"workers": [
{
"first": 0,
"last": 0
}
],
"num-rx-queues": 1,
"num-tx-queues": 0,
"supported-link-speeds": [
0
],
"symmetric-hash": "default"
},
"portDetails": {
"linkSpeed": "auto"
},
"isDedicatedPort": false,
"if-index": 1,
"operStatus": "down",
"adminStatus": "down",
"speed": 0,
"duplex": "full",
"mtu": 1500,
"mac": "52:54:00:12:34:57",
"ngfw-interface-stat:statistics": {
"rx": {
"total-packets": "0",
"total-bytes": "0",
"unicast-packets": "0",
"unicast-bytes": "0",
"multicast-packets": "0",
"multicast-bytes": "0",
"broadcast-packets": "0",
"broadcast-bytes": "0",
"error-packets": "0",
"rate": {
"bits-sec": "0",
"packets-sec": "0"
}
},
"tx": {
"total-packets": "0",
"total-bytes": "0",
"unicast-packets": "0",
"unicast-bytes": "0",
"multicast-packets": "0",
"multicast-bytes": "0",
"broadcast-packets": "0",
"broadcast-bytes": "0",
"error-packets": "0",
"rate": {
"bits-sec": "0",
"packets-sec": "0"
}
},
"total-dropped-packets": "0"
}
}
]
}
}
no interface <name>.<vlan-id>Remove a subinterface.
stat load-interval <value>Set interval for data update via OSMP (in seconds).
show stat load-intervalGet interval for data update via OSMP (in seconds).
Example:
ngfw> show stat load-interval
{
"ngfw-interfaces:interfaces": {
"ngfw-interface-stat:load-interval-sec": "300"
}
}
clear ifacestats allClear statistics for all data plane interfaces.
clear ifacestats name <name>Clear statistics for data plane interface <name>.