Documentation | Support

Go to the table of contents Go to the previous page Go to the next page
Using the Forcepoint DLP Protector CLI > Command-line reference
Command-line reference
Deployment and Installation Center | Forcepoint DLP
 
Applies to:                                         
*
Forcepoint DLP, v8.5.x, v8.6.x, v8.7.x, v8.8.x, v8.9.x
Following are general guidelines to using the CLI.
*
For admin users, use the help command to view a list of all available commands
*
All commands can be run with the "help" option to view detailed help about that command. For example:
iface help
*
The CLI shell offers auto-complete for command names using the TAB key. For example, typing the letter "i" plus TAB will display all commands that start with the letter "i."
*
The CLI shell implements command history. Use the up/down arrows to view/run/modify previously entered commands, sequentially.
Some commands' output may exceed the height of the screen. Use the terminal software to scroll back and view all output.
*
All commands and their arguments are case sensitive.
*
Abbreviations are not accepted in the CLI; it is necessary to type the entire word. The TAB button can be used to complete partially typed commands.
*
Some command output may exceed the length of the screen. Once the screen is full, the CLI will prompt –more-. Use the spacebar to display the next screen.
Exit the command line interface
Syntax
exit
Description
Exits the user from the Forcepoint Protector CLI and returns to the login prompt or to a wrapper shell environment.
Show CLI help messages
Syntax
help
Description
This command displays all available commands with a small description for each. The list of available commands depends on the user's profile. All commands support the help argument. When used, the command displays a help message relevant to that command.
Example
Forcepoint1# dns help
dns: Configure or show DNS server(s) Usage: dns [list | delall] dns [{add | del} <ipaddr>]
Accessing the basic configuration wizard
Syntax
wizard
Description
Opens the Forcepoint Protector Installation Wizard. The user can also run wizard securecomm to go directly to the registration stage of the Wizard, where Data Security Manager details are entered.
Example
Forcepoint1# wizard
Forcepoint1# wizard securecomm
Rebooting the protector
Syntax
reboot
Description
Reboots the protector. The protector is shut down and restarted immediately after the command is executed.
Turning off the protector
Syntax
shutdown
Description
Shuts down the protector. The protector is shut down and powered off immediately after the command is executed.
Showing the Forcepoint Protector version
Syntax
version
Description
Displays the protector version information.
Example
Forcepoint1# version
This is Forcepoint Content Protector 8.6.0.009, Policy Engine 8.6.0.9 (Appliance 8.6.0.009)
Setting or showing the system date
Syntax
date [-d] [dd-mmm-yyyy]
Description
Sets or displays the date of the protector. By default, the command displays the current date. Otherwise, the argument is used to set the date of the protector.
The "date" command is also a native Linux command. Root users can access the CLI command by running it with its full path:
/opt/websense/neti/bin/date
Parameters
If the -d option is given, the date is displayed or set using an all digit format (mm/dd/yyyy, for example: 07/31/2017). Otherwise, a dd-mmm-yyyy format is used. dd is the day of the month [01 to 31] mmm is the month in abbreviated 3-letter format [Jan, Feb, Mar, etc.] yyyy is the year [2016, 2017]
Example
Forcepoint1# date
31-Jul-2017
Setting or showing the system time
Syntax
time -h [HH[:MM[:SS]]]
Description
Sets or displays the time in the protector. By default, the command displays the current time.
The "time" command is also a native Linux command. Root users can access the CLI command by running it with its full path:
/opt/websense/neti/bin/time
Parameters
*
-u sets the time in UTC
*
-h displays a short usage message HH:MM:SS HH is the hour [00 to 24]
*
MM is the minutes [00 to 59]
*
SS is the seconds [00 to 59]
Example
Forcepoint1# time
17:55:03
Modify or show system time zone
Syntax
timezone [list, show, set <timezone>]
Description
Shows or sets the protector time zone.
Parameters
*
list displays a complete list of time zones that can be set in the Forcepoint Protector
*
show displays the time zone set in the Forcepoint Protector (default option)
*
set <timezone> sets the time zone. The set command must be followed by the name of the time zone to be selected, as listed using the list command. Note that the names of the time zones are case-sensitive.
Default
When no argument is given, "show" is assumed.
Example
Forcepoint1# timezone set US/Hawaii
Viewing protector information
Syntax
info { cpu | memory | network | diag | uptime | hardware | features} info stats [reset]
Description
Displays information about the Forcepoint protector.
Root users must access the CLI command by running it with its full path:
/opt/websense/neti/bin/info
Parameters
*
cpu displays the protector's CPU usage information.
*
memory displays the protector memory usage information.
*
network displays the protector's network settings including hostname, domain name, IP address and routing table.
*
diag creates a diagnostic file to be used by Forcepoint technical services.
*
uptime displays the amount of time the protector has been up and operational.
*
features lists all the possible features available on this protector and what they can do (monitor or block).
*
hardware displays hardware information including which network cards are installed.
*
stats displays traffic statistics for each protocol being monitored; this is useful to verify the operational status of the Protector.
*
stats reset resets all statistics counters to zero.
Example
Forcepoint1# info cpu
Processor 1: 1.3% loaded (98.7% idle)
Forcepoint1# info memory
Free physical memory 8.7%
Collecting statistics
Syntax
debug stats [-d] [-i <interval> | -n <count>]
Description
This command allows a user to collect statistics about network behavior over time. It does so by running info stats at specified intervals for a given number of times. The collected statistics are saved in a CSV file for easy manipulation and analysis in spreadsheet tools such as Microsoft Excel. The resulting file is saved as:
opt/pa/log/collect_stats.csv.gz
Parameters
*
-d: delete previously recorded statistics information file, if one exists
*
interval: the interval in seconds between two runs that take a snapshot of the statistics.
*
count: how many times the statistics snapshot should be taken.
Default
The default interval is every 60 seconds. The default number is 1440 (which is the equivalent of 24 hours of statistics when the default interval of 60 is selected).
Example
Forcepoint# debug stats -d -i 120
Configure or show the DNS server(s)
Syntax
dns [list | delall] dns [{add | del}] <ip_address>]
Description
Lists, adds, or deletes DNS servers.
Parameters
*
list: displays a list of DNS servers in the protector
*
delall: deletes all DNS servers set in the protector
*
add: adds a DNS server specified by its IP address to the protector
*
del: deletes the DNS server denoted by the specified IP address
Example
Forcepoint1# dns add 192.168.15.3
Configure or show the default domain name(s)
Syntax
domain [list | delall] domain [{add (-m) | del} <domain>]
Description
Lists, adds, or deletes default domain names in the protector.
Parameters
*
list: displays a list of configured default domain names in the protector
*
delall: deletes all default domain names set in the protector
*
add: adds a default domain name specified by <domain> to the protector
Use the -m switch to set a domain as main. The main domain is the domain that the protector is actually is a member of. Without the 1m switch a search domain is created. For the protector to resolve a domain this domain is searched as well. There may be many search domains, but only one main domain.
*
del: deletes the default domain name denoted by <domain> from the protector
Example
Forcepoint1# domain add example.com
Configure or show the default gateway
Syntax
gateway <ip_address>
gateway [list | delete]
Description
By default, displays the current defined gateway. Using the parameters, it is possible to set or delete the default gateway of the protector.
Parameters
*
ipaddr: when given, the ipaddr is used as a default gateway for the protector.
*
list: shows the configured default gateway.
*
delete: deletes the defined default gateway.
If this command is run from a remote SSH session, the session may terminate.
Example
Forcepoint1# gateway 192.168.10.254
Configure or show the hostname
Syntax
hostname <name>
Description
Displays the current hostname. The parameter can also set a unique name by which to identify the protector.
Parameters
If a name is given, the hostname is set to the given name. Otherwise, the hostname is displayed.
Example
Forcepoint1# hostname 1Tokyo
Configure or show interface information
Syntax
iface [list]
iface ifname [ip <ip_address>] [prefix <prefix>] [bcast <bcastaddr>] [speed <speed>] [duplex <duplex>] [mgmt] [enable|disable] [descr <description>]
Description
Configures and displays the protector's network interface information. When invoked without arguments or with the list option, the command displays a list of all available interfaces in the system. When invoked with only an interface name, the command shows detailed information about that interface. Any other invocation method configures the interface denoted in ifname.
 
* 
Note 
Use a console connection to the protector when using this command to configure the management interface, (and not a remote SSH connection). Using the latter may terminate the session to the protector. In addition, if the IP address is changed, it may be required to re-establish secure communication with the Forcepoint DLP server (by re-running the configuration wizard).
Parameters
*
ip: the IP address assigned to the interface. This option is valid only for the management interface. When setting ip, the prefix and bcast options must also be set.
*
prefix: network mask of the interface. For example: 24 (will assign 255.255.255.0 mask to the interface)
*
bcast: broadcast address of the interface. For example: for an interface with the IP address 192.168.1.1/24, the broadcast address is usually 192.168.1.255.
*
speed: interface link speed. Available speeds: auto, 10, 100, 1000
*
duplex: interface link duplex. Available duplex options: auto, half, full
*
mgmt: sets the interface as the management interface of the protector. The previously defined management interface can no longer be used for management purposes.
*
enable, disable: enables or disables the interface (default is enable)
*
descr: assigns a short description for the interface. Note that if the description contains spaces, it must be enclosed within quotation marks ("").
Default
eth0
Example
Forcepoint1# iface eth0 ip 10.100.16.20 prefix 24 bcast 10.100.16.255 mgmt enable
Add or delete routing information
Syntax
route list
route add {destination network | destination ip} {via ip | dev device}
route del {destination network | destination ip} {via ip | dev device}
Description
Adds or deletes route entries in the protector. When adding or deleting routes to networks, use the x.x.x.x/prefix format. For example: 192.168.1.0/24.
Parameters
*
list: displays the protector's routing table
*
add: adds a route to a network or IP address
*
del: deletes a route to a network or IP address
Example
Forcepoint1# route add 100.20.32.0/24 via 10.16.10.10
Forcepoint1# route add 172.16.1.0/24 dev eth0
Manage users
Syntax
user add {username} profile {profile} pwd {password}
user del {username}
user mod {username} [profile {profile}] [pwd {new password}]
user list
Description
Use the "user" command to define additional system access accounts. Each account has a profile that defines the operations available to users.
The available profiles are:
*
admin: all commands are allowed
*
netadmin: only networking related commands are allowed
*
policyadmin: only the policy command is allowed
The list of commands each profile can run cannot be changed.
Parameters
*
add: add a user with the given profile and password
*
del: delete a user
*
mod: modify a user's profile and/or password
*
list: display a list of all defined users and their profiles
Example
Forcepoint1# user add Jonny profile netadmin pwd 123qwe
Filtering monitored networks
Use the Forcepoint Management Interface to define which networks are monitored by the protector.
This CLI command enables advanced filtering of monitored networks.
 
* 
Note 
Forcepoint recommends testing the filter using tcpdump before setting the filter. This ensures that the protector recognizes the filter expression.
Syntax
filter [show | set rule | delete]
Parameters
*
show: displays the current active filters - monitored networks
*
set: defines a list of monitored networks
*
delete: deletes previously set filter rules
Example
Forcepoint1# filter set "tcp and host 10.0.0.1"
This command sets the protector to monitor all TCP traffic to/from 10.0.0.1 and ignore all other hosts in the network. If VLAN is used, it should be listed first in the filter ("vlan and tcp" instead of "tcp and vlan").
 

Go to the table of contents Go to the previous page Go to the next page
Using the Forcepoint DLP Protector CLI > Command-line reference
Copyright 2023 Forcepoint. All rights reserved.