SecurePlatform Pro & Advanced Routing Command Line Interface
Administration Guide
Version NGX R65
February 7, 2007

© 2003-2007 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: ©2003-2007 Check Point Software Technologies Ltd. All rights reserved.
Check Point, AlertAdvisor, Application Intelligence, Check Point Express, Check Point Express CI, the Check Point logo, ClusterXL, Confidence Indexing, ConnectControl, Connectra, Connectra Accelerator Card, Cooperative Enforcement, Cooperative Security Alliance, CoSa, DefenseNet, Dynamic Shielding Architecture, Eventia, Eventia Analyzer, Eventia Reporter, Eventia Suite, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, Hybrid Detection Engine, IMsecure, INSPECT, INSPECT XL, Integrity, Integrity Clientless Security, Integrity SecureClient, InterSpect, IPS-1, IQ Engine, MailSafe, NG, NGX, Open Security Extension, OPSEC, OSFirewall, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureClient Mobile, SecureKnowledge, SecurePlatform, SecurePlatform Pro, SecuRemote, SecureServer, SecureUpdate, SecureXL, SecureXL Turbocard, Sentivist, SiteManager-1, SmartCenter, SmartCenter Express, SmartCenter Power, SmartCenter Pro, SmartCenter UTM, SmartConsole, SmartDashboard, SmartDefense, SmartDefense Advisor, Smarter Security, SmartLSM, SmartMap, SmartPortal, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, UserAuthority, User-to-Address Mapping, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Express, VPN-1 Express CI, VPN-1 Power, VPN-1 Power VSX, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 UTM, VPN-1 UTM Edge, VPN-1 VSX, Web Intelligence, ZoneAlarm, ZoneAlarm Anti-Spyware, ZoneAlarm Antivirus, ZoneAlarm Internet Security Suite, ZoneAlarm Pro, ZoneAlarm Secure Wireless Router, Zone Labs, and the Zone Labs logo are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. ZoneAlarm is a Check Point Software Technologies, Inc. Company.
All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935, 6,873,988, and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications.

For third party notices, see: THIRD PARTY TRADEMARKS AND COPYRIGHTS.

Contents

Preface
    Who Should Use This Guide
    Summary of Contents
    Related Documentation
    More Information
    Feedback

Chapter 1 Introduction
    Overview
    SecurePlatform Hardware Requirements
    SecurePlatform Pro

Chapter 2 About this Manual
    Overview
    Audience
    Fonts
    Advanced Routing Suite Command Line Interface Sections: Overview, Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples, See Also

Chapter 3 Preparing to Install SecurePlatform
    Preparing the SecurePlatform Machine
    Hardware Compatibility Testing Tool
    Getting Started
    Using the Hardware Compatibility Testing Tool
    BIOS Security Configuration Recommendations

Chapter 4 Configuration
    Using the Command Line
    First Time Setup Using the Command Line
    Using sysconfig
    Check Point Products Configuration
    Using the Web Interface
    First Time Setup Using the Web Interface
    Web Interface Layout
    First Time Reboot and Login

Chapter 5 Administration
    Managing Your SecurePlatform System
    Connecting to SecurePlatform by Using Secure Shell
    User Management
    SecurePlatform Administrators
    FIPS 140-2 Compliant Systems
    Using TFTP
    Backup and Restore
    SecurePlatform Shell
    Command Shell
    Management Commands
    Documentation Commands
    Date and Time Commands
    System Commands
    Snapshot Image Management
    System Diagnostic Commands
    Check Point Commands
    Network Diagnostics Commands
    Network Configuration Commands
    Dynamic Routing Commands
    User and Administrator Commands
    SNMP Support
    Configuring the SNMP Agent
    Configuring SNMP Traps
    Check Point Dynamic Routing
    Supported Features
    Command Line Interface
    SecurePlatform Boot Loader
    Booting in Maintenance Mode
    Customizing the Boot Process
    Snapshot Image Management

Chapter 6 SecurePlatform Pro - Advanced Routing Suite
    Introduction
    Check Point Advanced Routing Suite
    Supported Features
    Dynamic Routing
    Command Line Interface

Chapter 7 Using the Advanced Routing Suite CLI
    Introduction
    Starting the Advanced Routing Suite CLI
    The -p option
    The -f option
    The -e option
    The -a option
    The -s option
    Basic Features
    Command Tokens
    Command Line Completion
    Moving About the Command Line
    Context-Sensitive Help
    History
    Disabling/Enabling CLI Tracing
    Aborting an Executing Command
    Screen Paging
    Exiting the CLI
    CLI Modes
    User Execution Mode
    Privileged Execution Mode
    Global Configuration Mode
    Router Configuration Mode
    Interface Configuration Mode
    CLI Behavior Commands
    configure file
    configure terminal
    disable
    enable
    end
    exit
    ip router-id
    ip routingtable-id
    logout
    quit
    show debugging
    show history
    show running-config
    show version
    terminal history
    terminal history size
    terminal length
    write memory
    Querying the Advanced Routing Suite CLI
    Memory Information
    Task Information

Chapter 8 General Concepts
    Address and Prefix Formats
    Preferences Overview
    Assigning Preferences

Chapter 9 Interfaces
    Overview
    Interfaces Commands
    autonomous-system: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    disable: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    preference: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    primary-alias: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    unnumbered: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples

Chapter 10 Kernel Interface
    Overview
    Kernel Commands
    kernel background limit: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    kernel background priority: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    kernel flash limit: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    kernel flash type: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    kernel no-change: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    kernel no-flush-at-exit: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples, See Also
    kernel no-install: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    kernel remnant-holdtime: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    kernel routes: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    kernel trace file: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    kernel trace flag: Name, Syntax, Mode ...
    ... Default, Command History, Examples
    show kernel: Name, Syntax, Mode, Parameters, Description, Command History, Examples

Chapter 11 Martian Addresses
    Overview
    Martian Address Commands
    martian ...
    ... Description, Default, Command History, Examples

Chapter 12 Multicast
    Overview
    Multicast Commands
    clear ip mroute: Name, Syntax, Mode, Parameters, Description, Command History, Examples
    ...
    ... Description, Command History, Examples, Field Descriptions

Chapter 13 Trace Options
    Overview
    Trace Options Commands
    trace file: Name, Syntax, Mode, Parameters, Description, Default, Command History ...
    ... Default, Command History, Examples

Chapter 14 Border Gateway Protocol (BGP)
    Overview
    BGP Commands
    address-family: Name, Syntax, Mode, Parameters, Description, Default, Command History ...
    ... Description, Default, Command History, Examples
    bgp bestpath compare-cluster-list-length: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    bgp bestpath... Parameters, Description, Default, Command History, Examples
    bgp bestpath compare-router-id: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    bgp bestpath med confed... Parameters, Description, Default, Command History, Examples
    bgp bestpath med missing-as-worst: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    bgp cluster-id ...
    ... Parameters, Description, Default, Command History, Examples
    neighbor multi-protocol-nexthop: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples
    neighbor next-hop-self...
    ... Default, Command History, Examples

Chapter 15 Internet Control Message Protocol (ICMP)
    Overview
    ICMP Commands
    router icmp: Name, Syntax, Mode, Parameters, Description, Default, Command History ...
    ... Command History, Examples
    trace flag: Name, Syntax, Mode, Parameters, Description, Default, Command History, Examples, See Also

Chapter 16 Fast Open Shortest Path First (OSPF)
    Overview
    OSPF Commands...