Amer Networks E5Web GUI User Manual
Page 44
The naming of some objects is optional and is done with the Name= parameter in an add
command. An object, such as a threshold rule, will always have an Index value which indicates its
position in the rule list but can optionally be allocated a name as well. Subsequent manipulation
of such a rule can be done either by referring to it by its index, that is to say its list position, or by
alternatively using the name assigned to it.
The CLI Reference Guide lists the parameter options available for each cOS Core object, including
the Name= and Index= options.
Using Unique Names
For convenience and clarity, it is recommended that a name is assigned to all objects so that it
can be used for reference if required. Reference by name is particularly useful when writing CLI
scripts. For more on scripts see Section 2.1.5, “CLI Scripts”.
The CLI will enforce unique naming within an object type. For reasons of backward compatibility
to earlier cOS Core releases, an exception exists with IP rules which can have duplicate names,
however it is strongly recommended to avoid this. If a duplicate IP rule name is used in two IP
rules then only the Index value can uniquely identify each IP rule in subsequent CLI commands.
Referencing an IP rule with a duplicated name will fail and result in an error message.
Using Hostnames in the CLI
For certain CLI commands, IP addresses can optionally be specified as a textual hostname instead
an IP4Address object or raw IP address such as 192.168.1.10. When this is done, the hostname
must be prefixed with the letters dns: to indicate that a DNS lookup must be done to resolve the
hostname to an IP address. For example, the hostname host.company.com would be specified as
dns:host.company.com in the CLI.
The parameters where this might be used with the CLI are:
•
The Remote Endpoint for IPsec, L2TP and PPTP tunnels.
•
The Host for LDAP servers.
When DNS lookup needs to be done, at least one public DNS server must be configured in cOS
Core for hostnames to be translated to IP addresses.
InControl Domains
When using InControl as the means of configuring cOS Core, it is possible to use the logical
concept of a Domain to share the same object between security gateways.
The Domain is a construct that only exists in InControl and not in individual security gateway
configurations. For this reason, the CLI cannot be used to manipulate domains.
Furthermore, an object in a InControl domain may not necessarily be used in the configuration of
a security gateway which is a child of that domain. If this is the case, the CLI cannot be used to
manipulate a domain object on a security gateway that does not use it.
Serial Console CLI Access
The serial console port is a local RS-232 port on the Clavister Security Gateway that allows direct
access to the cOS Core CLI through a serial connection to a PC or dumb terminal. To locate the
serial console port on Clavister hardware, see the corresponding hardware installation guide.
To use the console port, the following equipment is required:
Chapter 2: Management and Maintenance
44