Command-line reference

Following are general guidelines to using the CLI.

Applies to: Forcepoint DLP, v8.5.x, v8.6.x, v8.7.x, v8.8.x, v8.9.x
  • For admin users, use the helpcommand to view a list of all available commands
  • All commands can be run with the “help” option to view detailed help about that command. For example: iface help
  • The CLI shell offers auto-complete for command names using the TAB key. For example, typing the letter “i” plus TAB will display all commands that start with the letter “i.”
  • The CLI shell implements command history. Use the up/down arrows to view/run/ modify previously entered commands, sequentially.

    Some commands’ output may exceed the height of the screen. Use the terminal software to scroll back and view all output.

  • All commands and their arguments are case sensitive.
  • Abbreviations are not accepted in the CLI; it is necessary to type the entire word. The TAB button can be used to complete partially typed commands.
  • Some command output may exceed the length of the screen. Once the screen is full, the CLI will prompt –more-. Use the spacebar to display the next screen.
Table 1.
Action Syntax Description
Exit the command line interface exit

Exits the user from the Forcepoint Protector CLI and returns to the login prompt or to a wrapper shell environment.
Show CLI help messages help

This command displays all available commands with a small description for each. The list of available commands depends on the user’s profile. All commands support the help argument. When used, the command displays a help message relevant to that command.

Forcepoint1# dns help
dns: Configure or show DNS server(s) Usage: dns [list | delall] dns [{add | del} <ipaddr>]
Accessing the basic configuration wizard wizard

Opens the Forcepoint Protector Installation Wizard. The user can also run wizard securecomm to go directly to the registration stage of the Wizard, where Data Security Manager details are entered.

Forcepoint1# wizard
Forcepoint1# wizard securecomm
Rebooting the protector reboot

Reboots the protector. The protector is shut down and restarted immediately after the command is executed.
Turning off the protector shutdown

Shuts down the protector. The protector is shut down and powered off immediately after the command is executed.
Showing the Forcepoint Protector version version

Displays the protector version information.

Forcepoint1# version
This is Forcepoint Content Protector 8.6.0.009, Policy Engine 8.6.0.9 (Appliance 8.6.0.009)
Setting or showing the system date date [-d] [dd-mmm-yyyy]

Sets or displays the date of the protector. By default, the command displays the current date. Otherwise, the argument is used to set the date of the protector.

The date command is also a native Linux command. Root users can access the CLI command by running it with its full path:

/opt/websense/neti/bin/date

Parameters:

If the -d option is given, the date is displayed or set using an all digit format (mm/dd/ yyyy, for example: 07/31/2017). Otherwise, a dd-mmm-yyyy format is used. dd is the day of the month [01 to 31] mmm is the month in abbreviated 3-letter format [Jan, Feb, Mar, etc.] yyyy is the year [2016, 2017]
Forcepoint1# date
31-Jul-2017
Setting or showing the system time time -h [HH[:MM[:SS]]]

Sets or displays the time in the protector. By default, the command displays the current time.

The timecommand is also a native Linux command. Root users can access the CLI command by running it with its full path:
/opt/websense/neti/bin/time
Parameters:
  • -u sets the time in UTC
  • -h displays a short usage message HH:MM:SS HH is the hour [00 to 24]
  • MM is the minutes [00 to 59]
  • SS is the seconds [00 to 59]
Forcepoint1# time
17:55:03
Modify or show system time zone timezone [list, show, set <timezone>]

Shows or sets the protector time zone.

Parameters:
  • list displays a complete list of time zones that can be set in the Forcepoint Protector
  • show displays the time zone set in the Forcepoint Protector (default option)
  • set <timezone> sets the time zone. The set command must be followed by the name of the time zone to be selected, as listed using the list command. Note that the names of the time zones are case-sensitive.
Default: When no argument is given, "show" is assumed.
Forcepoint1# timezone set US/Hawaii
Viewing protector information info { cpu | memory | network | diag | uptime | hardware | features} info stats [reset]

Displays information about the Forcepoint protector.

Root users must access the CLI command by running it with its full path:
/opt/websense/neti/bin/info
Parameters:
  • cpu displays the protector’s CPU usage information.
  • memory displays the protector memory usage information.
  • network displays the protector’s network settings including hostname, domain name, IP address and routing table.
  • diag creates a diagnostic file to be used by Forcepoint technical services.
  • uptime displays the amount of time the protector has been up and operational.
  • features lists all the possible features available on this protector and what they can do (monitor or block).
  • hardware displays hardware information including which network cards are installed.
  • stats displays traffic statistics for each protocol being monitored; this is useful to verify the operational status of the Protector.
  • stats reset resets all statistics counters to zero.
Forcepoint1# info cpu
Processor 1: 1.3% loaded (98.7% idle)
Forcepoint1# info memory
Free physical memory 8.7%
Collecting statistics debug stats [-d] [-i <interval> | -n <count>]

This command allows a user to collect statistics about network behavior over time. It does so by running info stats at specified intervals for a given number of times. The collected statistics are saved in a CSV file for easy manipulation and analysis in spreadsheet tools such as Microsoft Excel. The resulting file is saved as:

opt/pa/log/collect_stats.csv.gz
Parameters:
  • -d: delete previously recorded statistics information file, if one exists
  • interval: the interval in seconds between two runs that take a snapshot of the statistics.
  • count: how many times the statistics snapshot should be taken.

Default:

The default interval is every 60 seconds. The default number is 1440 (which is the equivalent of 24 hours of statistics when the default interval of 60 is selected).
Forcepoint# debug stats -d -i 120
Configure or show the DNS server(s) dns [list | delall] dns [{add | del}] <ip_address>]

Lists, adds, or deletes DNS servers.

Parameters:
  • list: displays a list of DNS servers in the protector
  • delall: deletes all DNS servers set in the protector
  • add: adds a DNS server specified by its IP address to the protector
  • del: deletes the DNS server denoted by the specified IP address
Forcepoint1# dns add 192.168.15.3
Configure or show the default domain name(s) domain [list | delall] domain [{add (-m) | del} <domain>]

Lists, adds, or deletes default domain names in the protector.

Parameters:
  • list: displays a list of configured default domain names in the protector
  • delall: deletes all default domain names set in the protector
  • add: adds a default domain name specified by <domain> to the protector

    Use the -m switch to set a domain as main. The main domain is the domain that the protector is actually is a member of. Without the 1m switch a search domain is created. For the protector to resolve a domain this domain is searched as well. There may be many search domains, but only one main domain.

  • del: deletes the default domain name denoted by <domain> from the protector
Forcepoint1# domain add example.com
Configure or show the default gateway 
gateway <ip_address>
gateway [list | delete

By default, displays the current defined gateway. Using the parameters, it is possible to set or delete the default gateway of the protector.

Parameters:
  • ipaddr: when given, the ipaddr is used as a default gateway for the protector.
  • list: shows the configured default gateway.
  • delete: deletes the defined default gateway.
If this command is run from a remote SSH session, the session may terminate.
Forcepoint1# gateway 192.168.10.254
Configure or show the hostname hostname <name>

Displays the current hostname. The parameter can also set a unique name by which to identify the protector.

Parameters:

If a name is given, the hostname is set to the given name. Otherwise, the hostname is displayed.
Forcepoint1# hostname 1Tokyo
Configure or show interface information 
iface [list]
iface ifname [ip <ip_address>] [prefix <prefix>] [bcast <bcastaddr>] [speed <speed>] [duplex <duplex>] [mgmt] [enable|disable] [descr <description>]
Configures and displays the protector’s network interface information. When invoked without arguments or with the list option, the command displays a list of all available interfaces in the system. When invoked with only an interface name, the command shows detailed information about that interface. Any other invocation method configures the interface denoted in ifname.
Note: Use a console connection to the protector when using this command to configure the management interface, (and not a remote SSH connection). Using the latter may terminate the session to the protector. In addition, if the IP address is changed, it may be required to re-establish secure communication with the Forcepoint DLP server (by re- running the configuration wizard).

Parameters:

  • ip: the IP address assigned to the interface. This option is valid only for the management interface. When setting ip, the prefix and bcast options must also be set.
  • prefix: network mask of the interface. For example: 24 (will assign 255.255.255.0 mask to the interface)
  • bcast: broadcast address of the interface. For example: for an interface with the IP address 192.168.1.1/24, the broadcast address is usually 192.168.1.255.
  • speed: interface link speed. Available speeds: auto, 10, 100, 1000
  • duplex: interface link duplex. Available duplex options: auto, half, full
  • mgmt: sets the interface as the management interface of the protector. The previously defined management interface can no longer be used for management purposes.
  • enable, disable: enables or disables the interface (default is enable)
  • descr: assigns a short description for the interface. Note that if the description contains spaces, it must be enclosed within quotation marks ("").
Default:
eth0
Example:
Forcepoint1# iface eth0 ip 10.100.16.20 prefix 24 bcast 10.100.16.255 mgmt enable
Add or delete routing information 
route list
route add {destination network | destination ip} {via ip | dev device}
route del {destination network | destination ip} {via ip | dev device}

Adds or deletes route entries in the protector. When adding or deleting routes to networks, use the x.x.x.x/prefix format. For example: 192.168.1.0/24.

Parameters:
  • list: displays the protector’s routing table
  • add: adds a route to a network or IP address
  • del: deletes a route to a network or IP address
Forcepoint1# route add 100.20.32.0/24 via 10.16.10.10
Forcepoint1# route add 172.16.1.0/24 dev eth0
Manage users 
user add {username} profile {profile} pwd {password}
user del {username}
user mod {username} [profile {profile}] [pwd {new password}]
user list

Use the “user” command to define additional system access accounts. Each account has a profile that defines the operations available to users.

The available profiles are:
  • admin: all commands are allowed
  • netadmin: only networking related commands are allowed
  • policyadmin: only the policy command is allowed

The list of commands each profile can run cannot be changed.

Parameters:
  • add: add a user with the given profile and password
  • del: delete a user
  • mod: modify a user’s profile and/or password
  • list: display a list of all defined users and their profiles
Forcepoint1# user add Jonny profile netadmin pwd 123qwe
Filtering monitored networks 
filter [show | set rule | delete]

Use the Forcepoint Management Interface to define which networks are monitored by the protector.

This CLI command enables advanced filtering of monitored networks.
Note: Forcepoint recommends testing the filter using tcpdump before setting the filter. This ensures that the protector recognizes the filter expression.
Parameters:
  • show: displays the current active filters - monitored networks
  • set: defines a list of monitored networks
  • delete: deletes previously set filter rules
Forcepoint1# filter set "tcp and host 10.0.0.1"

This command sets the protector to monitor all TCP traffic to/from 10.0.0.1 and ignore all other hosts in the network. If VLAN is used, it should be listed first in the filter (“vlan and tcp” instead of “tcp and vlan”).