You are on page 1of 32

OPSEC

Check Point™ Command Line Cpconfig
OPSEC SDK 6.0

May 2006

© 2003-2006 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: ©2003-2006 Check Point Software Technologies Ltd. All rights reserved. Check Point, Application Intelligence, Check Point Express, the Check Point logo, AlertAdvisor, ClusterXL, Cooperative Enforcement, ConnectControl, Connectra, CoSa, Cooperative Security Alliance, Eventia, Eventia Analyzer, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, IMsecure, INSPECT, INSPECT XL, Integrity, InterSpect, IQ Engine, Open Security Extension, OPSEC, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureKnowledge, SecurePlatform, SecuRemote, SecureXL Turbocard, SecureServer, SecureUpdate, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, Smarter Security, SmartDashboard, SmartDefense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 VSX, VPN-1 XL, Web Intelligence, ZoneAlarm, ZoneAlarm Pro, Zone Labs, and the Zone Labs logo, are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935 and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications.

For third party notices, see “THIRD PARTY TRADEMARKS AND COPYRIGHTS” on page 25.

.

..................................................................... 9 What Typographic Variations Mean .................................... 14 Cpconfig API Overview ............................... 24 Usage .......................................................................................................................................................................................................................................... 23 Fetch Certificate Authority Files ....................................... 19 Licensing ....................................... 18 Functions....................................................................................................................... 15 Chapter 2 API Functions Overview ................... 22 Certificate Authority ......... 10 Chapter 1 Introduction Overview .............................................. 14 Programming Model .......................... 20 Automatically Starting Check Point Modules........................................................................................................................................................................................................ 8 Summary of Contents . 21 Administrators .................... 24 Index..................................... 14 Installation Requirements.............................................Contents Preface Who Should Use This Guide............................. 31 Table of Contents 5 ............................................................................................................................... 19 Enable or Disable High Availability Module.................................................. 22 SMART Clients .................................................................................................................................................................................................................................................................................................................................... 19 Secure Internal Communication (SIC) ........... 23 SNMP Extension....................................................................................................................................................................................

6 .

Preface Preface P page 8 page 9 page 10 In This Chapter Who Should Use This Guide Summary of Contents What Typographic Variations Mean 7 .

It assumes that you have read the Check Point OPSEC API Specification.Who Should Use This Guide Who Should Use This Guide This document describes the Command Line Cpconfig. It also assumes that you have a basic understanding and a working knowledge of the following: • • • • • • system and network security the VPN-1 product system and network administration the C and/or C++ programming language the Unix or Windows operating system Internet protocols 8 . This API specification is written for developers who write software to enhance the network security provided by VPN-1.

exit with 0. “Introduction” Chapter 2. Preface 9 . All functions print results to stdout and upon success.Summary of Contents Summary of Contents This guide contains the following chapters: Chapter Chapter 1. This chapter describes the functions provided by the cpconfig command line. “API Functions” Description This chapter introduces the concepts associated with cpconfig.

.What Typographic Variations Mean What Typographic Variations Mean The following table describes the typographic variations used in this book. session = sam_new_session (client. session = sam_new_session (client. <your text> Edit the file <FWDIR>\lib\yourfile. and directories. Lines of data or code omitted from example Example Edit your . files. server). machine_name% You have mail. on-screen computer output. Use ls -a to list all files. TABLE P-1 Typographic Conventions Typeface or Symbol Meaning The names of commands. .login file. . line 1 line 2 . line n 10 .x x . server). but with emphasis Text that appears on an object in a window Replace the angle brackets and the text they contain with your text. . code same as above. Click on the Save AaBbCc123 AaBbCc123 Save button.

. [item2] item1 | item2 | item3 italic Preface 11 .What Typographic Variations Mean TABLE P-1 Typographic Conventions(continued) Typeface or Symbol Meaning The item is optional.. Specific values will be shown in italics Example dir [/o] dir [/o] [/w] [/s] copy infile1 | infile1 + infile2 |infile1 + infile2 + infile3 outfile one of addnet | addapp [item] [item1] . List of optional items Choose one of the items.

What Typographic Variations Mean 12 .

Chapter Introduction In This Chapter Overview Cpconfig API Overview 1 page 14 page 15 13 .

Overview Overview Command line cpconfig allows remote configuration of an existing VPN-1 installation so third party companies can write their own web interface. 14 . Installation Requirements The Administrator must be root in order to run these commands. Programming Model These commands are available for use after the first running of cpconfig. This document explains how to use the cpconfig command line.

All functions print their results to stdout and exit with 0 on success. activate/deactivate SNMP (Unix only) fetch the certificate authority files provides specific usage for a command page 19 19 SIC Automatically Starting Check Point Modules Administrators SMART Clients Certificate Authority 20 21 22 22 23 SNMP Extension 23 Fetch CA Files Usage 24 24 Chapter 1 Introduction 15 . Table 1-1 Overview of API functions function section title License Enable/Disable High Availability general purpose retrieving or adding licensing enables or disables Check Point High Availability Module/Status Synchronization Secure Internal Communication automatically starts Check Point Modules (Unix only) returns or allows editing of Administrators for manipulating GUI clients initialize certificate authority or show a certificate’s fingerprint get SNMP status.Cpconfig API Overview Cpconfig API Overview The functions in cpconfig that are supported in the command line include both SmartCenter and module functions.

Cpconfig API Overview 16 .

Chapter API Functions In This Chapter Overview Functions Licensing Enable or Disable High Availability Module Secure Internal Communication (SIC) Automatically Starting Check Point Modules Administrators SMART Clients Certificate Authority SNMP Extension Fetch Certificate Authority Files Usage 2 page 18 page 19 page 19 page 19 page 20 page 21 page 22 page 22 page 23 page 23 page 24 page 24 17 .

18 . exit with 0. All functions print results to stdout and upon success.Overview Overview This chapter describes the functions provided by the cpconfig command line.

For further information on licensing centers see: http://www. The license file should be copied to the remotely configured module. cp_conf lic delete <license signature> cp_conf lic delete <license signature> deletes a license from a license file.com. Licensing The following functions show which licenses are installed and how to add or delete licenses. Enable or Disable High Availability Module The following functions enable or disable the High Availability Module. cp_conf lic get cp_conf lic get shows which licenses are currently installed on the machine from all Check Point products. Each function is organized in a group under a logical topic heading.opsec. After enabling or disabling the High Availability Module the Administrator will receive the following message: Chapter 2 API Functions 19 . cp_conf ha disable disables the High Availability Module. cp_conf lic add -f <file name> cp_conf lic add -f <file name> adds licenses from a license file. cp_conf lic add -m <host><date><string><features> cp_conf lic add -m <host><date><string><features> adds a license manually. The license file is provided when purchasing licenses via a licensing center.Functions Functions The following are functions that can be used to increase flexibility via the cpconfig command line. cp_conf ha enable/disable [norestart] cp_conf ha enable enables the High Availability Module.

Secure Internal Communication (SIC) Warning: In order for the changes to take place. or if trust was established. 20 . The <modules obj name> is the object name defined in the management. SIC is reset and the new password is set. Without the norestart flag the command will automatically restart the Check Point Modules (the command will perform cpstop). Secure Internal Communication (SIC) The following functions initialize SIC or show the current SIC state. cp_conf sic init <passw> [norestart] cp_conf sic init <passw> [norestart] initializes SIC. you must reboot your machine! Note . this command pulls the certificate from the management selected in the command. cp_conf sic cert_pull<management name/IP><module object name> In case of a dynamic address gateway (DAG) machine.The norestart flag has no meaning on NT. cp_conf sic state cp_conf sic state shows the current SIC state. If SIC was already initialized.

cp_conf auto disable <product1><product2>. Products can be: • • • VPN-1 FG1 RM or all The default is all. cp_conf auto disable <product1><product2>.. cp_conf auto enable <product1><product2>. Products can be: • • • VPN-1 FG1 RM or all The default is all.. Chapter 2 API Functions 21 . FloodGate-1.The norestart flag has no meaning on NT.... cp_conf auto get [fw1] [fg1][rm] [all] cp_conf auto get [fw1][fg1][rm][all] returns the state of automatic restart for: • • • • VPN-1. Note . enables the automatic restart of the specified product(s).Automatically Starting Check Point Modules Automatically Starting Check Point Modules The following functions report or set automatic states. SmartView Reporter or all products installed The default is all.. disables the automatic restart of the specified product(s). The following commands work on Unix machines only. cp_conf auto enable <product1><product2>...

SMART Clients The following functions allow the Administrator to manipulate SMART Clients. deletes SMART Client(s). cp_conf client del <SMART_client1><SMART_client2>. adds or deletes administrators. cp_conf admin add <username><passw><permissions> cp_conf admin add adds an Administrator to the list of Administrators. cp_conf client add <SMART_client> cp_conf client add <SMART_client> adds one SMART Client at a time..read only cp_conf admin del <user1><user2>.read/write r... deletes Administrators from the list of Administrators.. cp_conf client get cp_conf client get shows the SMART Client list..Administrators Administrators The following functions shows. cp_conf client del <SMART_client1><SMART_client2>. Permissions can be: • • rw. cp_conf admin get cp_conf admin get returns the list of administrators currently defined.. cp_conf admin del <user1><user2>.. 22 ..

cp_conf client createlist <SMART_client1><SMART_client2>. VPN-1 will automatically restart.Certificate Authority cp_conf client createlist <SMART_client1><SMART_client2>. Certificate Authority The following functions allow the Administrator to initialize certificate authority and show fingerprints. SNMP Extension The following functions allow the SNMP status and activate or deactivate SNMP. cp_conf snmp activate [norestart] cp_conf snmp activate [norestart] activates SNMP. creates a new list of client(s) overriding a pre-existing list. cp_conf ca init cp_conf ca init initializes certificate authority. Chapter 2 API Functions 23 .SNMP Extension commands are only available to Unix Machines. Unless you choose the norestart flag. VPN-1 will automatically restart.... cp_conf snmp deactivate [norestart] cp_conf snmp deactivate [norestart] deactivates SNMP. Note . cp_conf snmp get cp_conf snmp get tells whether the SNMP status is active or inactive. cp_conf finger get cp_conf finger get shows the finger print for a certificate. Unless you choose the norestart flag..

cp_conf -h cp_conf -h returns how cp_conf is being used. cp_conf fetch ca <management IP/name> cp_conf fetch ca <management IP/name> fetches the CA files. you must fetch the certificate authority (CA) files. Usage The following functions return the usage for cp_conf or for a command.Fetch Certificate Authority Files Fetch Certificate Authority Files Before synchronization can occur between two managements. 24 . cp_conf <cmd> -h cp_conf <cmd> -h returns a specific usage for the command.

The following statements refer to those portions of the software copyrighted by The OpenSSL Project. THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES. THE SOFTWARE IS PROVIDED "AS IS". EXEMPLARY. in the United States and other countries. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www. 25 . EXEMPLARY. INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. INDIRECT. BUT NOT LIMITED TO. written prior permission. and that the name of CMU not be used in advertising or publicity pertaining to distribution of the software without specific. ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation.THIRD PARTY TRADEMARKS AND COPYRIGHTS Entrust is a registered trademark of Entrust Technologies. BUT NOT LIMITED TO. WITHOUT WARRANTY OF ANY KIND. WHETHER IN CONTRACT. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. The following statements refer to those portions of the software copyrighted by Carnegie Mellon University. Copyright 1997 by Carnegie Mellon University. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Entrust Technologies Limited is a wholly owned subsidiary of Entrust Technologies. WHETHER IN AN ACTION OF CONTRACT. INCIDENTAL. OR CONSEQUENTIAL DAMAGES (INCLUDING. Copyright © Sax Software (terminal emulation only). STRICT LIABILITY. BUT NOT LIMITED TO.openssl. OR PROFITS. Permission to use. INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. SPECIAL. SPECIAL. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. DATA. Entrust’s logos and Entrust product and service names are also trademarks of Entrust Technologies. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. Copyright © 1998 The Open Group. Portions of the software copyright © 1992-1996 Regents of the University of Michigan. TORT OR OTHERWISE. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. Inc. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. FireWall-1 and SecuRemote incorporate certificate management technology from Entrust. STRICT LIABILITY. ARISING FROM. OR CONSEQUENTIAL DAMAGES (INCLUDING. DATA. copy. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT. All rights reserved. Verisign is a trademark of Verisign Inc. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. The following statements refer to those portions of the software copyrighted by Eric Young. OR PROFITS. INDIRECT. LOSS OF USE. LOSS OF USE. WHETHER IN AN ACTION OF CONTRACT. EXPRESS OR IMPLIED. This software is provided “as is” without express or implied warranty. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. The following statements refer to those portions of the software copyrighted by University of Michigan. All Rights Reserved. and distribute this software and its documentation for any purpose and without fee is hereby granted. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM. WHETHER IN CONTRACT.org/). The following statements refer to those portions of the software copyrighted by The Open Group. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. DAMAGES OR OTHER LIABILITY. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. NEGLIGENCE OR OTHER TORTIOUS ACTION. Inc. INCLUDING. THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY. BUT NOT LIMITED TO. modify.CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE. INCLUDING. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL. INCIDENTAL. DATA OR PROFITS. Inc.

You should have received a copy of the GNU General Public License along with this program.2004. copy. WHETHER IN AN ACTION OF CONTRACT. Portions relating to PNG copyright 1999. if not. Permission is granted to anyone to use this software for any purpose. without any express or implied warranty. 1999. <daniel@haxx.0 (the "License"). THE SOFTWARE IS PROVIDED "AS IS".0. Although their code does not appear in gd 2. 2002 John Ellson (ellson@graphviz. 2001. and Hutchison Avenue Software Corporation for their prior contributions. 2001. Thomas G. Portions copyright 1994. to any person obtaining a copy of this software and associated documentation files (the "Software"). 2000. subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. copy. 2001. This does not affect your ownership of the derived work itself.org). you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation. Inc. 3. The following statements refer to those portions of the software copyrighted by Thai Open Source Software Center Ltd and Clark Cooper Copyright (c) 2001. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. merge.org). 2000. you may not use this file except in compliance with the License. and distribute this software for any purpose with or without fee is hereby granted. 2002 by Boutell. sublicense. including but not limited to implied warranties of merchantability and fitness for a particular purpose. 2. "Derived works" includes all programs that utilize the library. Version 2. an acknowledgment in the product documentation would be appreciated but is not required. MA 02139. You may obtain a copy of the License at http://www. USA. 2001. If you have questions. Portions relating to GD2 format copyright 1999. 2002 Expat maintainers. or (at your option) any later version. without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 2002 Greg Roelofs. The following statements refer to those portions of the software copyrighted by the Gnu Public License. either version 2 of the License. distribute. 1997. not to interfere with your productive use of gd. provided that this notice is present in user-accessible supporting documentation. Credit must be given in user-accessible documentation. 1998. This software is provided 'as-is'..c copyright 1999. 2000. 2002. Bruce Verderaime. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY. YOU MAY NOT re-distribute or represent the code as your own. Permission is hereby granted. 2002 John Ellson (ellson@graphviz. 1996. Inc. including without limitation the rights to use. 26 . TORT OR OTHERWISE. Portions relating to WBMP copyright 2000. and the intent is to assure proper credit for the authors of gd. This software is provided "AS IS. The origin of this software must not be misrepresented. ARISING FROM. 2000.The following statements refer to those portions of the software copyrighted by Jean-loup Gailly and Mark Adler Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler. 2002 Philip Warner.All rights reserved. you must not claim that you wrote the original software. In no event will the authors be held liable for any damages arising from the use of this software. modify. Licensed under the Apache License. Portions relating to JPEG and to color quantization copyright 2000. and to permit persons to whom the Software is furnished to do so. publish.TXT for more information.c copyright 2001. See the GNU General Public License for more details. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM. 1996. 2002 by Cold Spring Harbor Laboratory.Com. 2000. EXPRESS OR IMPLIED. 1995. GDChart is free for use in your applications and for chart generation. Funded under Grant P41-RR02188 by the National Institutes of Health. 675 Mass Ave. and must not be misrepresented as being the original software. 1997.4. and/or sell copies of the Software. Doug Becker and copyright (C) 1994. 1999. Daniel Stenberg. Portions relating to gdft. WITHOUT WARRANTY OF ANY KIND. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. This program is free software. Portions relating to gdttf. See the file README-JPEG. 2002 Maurice Szmurlo and Johan Van den Brande. DAMAGES OR OTHER LIABILITY.0 The curl license COPYRIGHT AND PERMISSION NOTICE Copyright (c) 1996 . with respect to this code and accompanying documentation.apache. 1997. Permission to use. This software is based in part on the work of the Independent JPEG Group. Cambridge. David Rowley.org/licenses/LICENSE-2.se>. This notice may not be removed or altered from any source distribution. distribute and modify gd in any context without fee. 1998. 2002. 2000. 2000. 1998. 1998. Copyright. 2001. subject to the following restrictions: 1. 2001. 2001. 1999. including a commercial application. the authors wish to thank David Koblas. Portions copyright 1996. ask. Lane. Permission has been granted to copy. free of charge. Any re-distributions of the code MUST reference the author. and include any and all original documentation. 1999. write to the Free Software Foundation. to deal in the Software without restriction. Altered source versions must be plainly marked as such. provided that the above copyright notice and this permission notice appear in all copies. but WITHOUT ANY WARRANTY. 2001." The copyright holders disclaim all warranties. If you use this software in a product. and to alter it and redistribute it freely. including commercial applications. 1995. This program is distributed in the hope that it will be useful. 2001. either express or implied. modify.

please see <http://www. Once covered code has been published under a particular version of the license.com). WITHOUT WARRANTY OF ANY KIND. is permitted provided that the following conditions are met: 1. are permitted provided that the following conditions are met: Redistribution of source code must retain the above copyright notice. freely available from <http://www. THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES. The PHP Group may publish revised and/or new versions of the license from time to time. this list of conditions and the following disclaimer. DATA. Except as contained in this notice. 6. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo" 5. Itai Tzur <itzur@actcom.zend. 4. The name "PHP" must not be used to endorse or promote products derived from this software without prior written permission.net. You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group. freely available at <http://www. DAMAGES OR OTHER LIABILITY. Redistributions in binary form must reproduce the above copyright notice. For more information on the PHP Group and the PHP project. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. Redistribution and use in source and binary forms. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Products derived from this software may not be called "PHP". This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. LOSS OF USE. BUT NOT LIMITED TO.THE SOFTWARE IS PROVIDED "AS IS". Chapter 27 . OR CONSEQUENTIAL DAMAGES (INCLUDING.php. the name of a copyright holder shall not be used in advertising or otherwise to promote the sale. OR PROFITS. This product includes software written by Tim Hudson (tjh@cryptsoft. The PHP License.il> All rights reserved. please contact group@php. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. EXEMPLARY.co. INDIRECT.0 Copyright (c) 1999 . PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. BUT NOT LIMITED TO. 3. with or without modification.com>. without prior written permission from group@php.net>. This product includes the Zend Engine. For written permission. Redistributions of source code must retain the above copyright notice. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. WHETHER IN CONTRACT. with or without modification. ARISING FROM. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. you may always continue to use it under the terms of that version. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM. Each version will be given a distinguishing version number. Copyright (c) 2003.net/>". Redistribution and use in source and binary forms. nor may "PHP" appear in their name. All rights reserved.net. INCLUDING.php. SPECIAL. The PHP Group can be contacted via Email at group@php. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes PHP. use or other dealings in this Software without prior written authorization of the copyright holder.net. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. INCIDENTAL. No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License. 2. Neither the name of Itai Tzur nor the names of other contributors may be used to endorse or promote products derived from this software without specific prior written permission. TORT OR OTHERWISE. WHETHER IN AN ACTION OF CONTRACT. EXPRESS OR IMPLIED. STRICT LIABILITY.2004 The PHP Group. this list of conditions and the following disclaimer. version 3. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT.

WITHOUT WARRANTY OF ANY KIND. ARISING FROM. duplication. WHETHER IN CONTRACT. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 2004 NextHop Technologies.S. any license or right to use any Trademark displayed in the document. photocopying. estoppel. and logos (the "Trademarks") used and displayed in this document are registered and unregistered Trademarks of NextHop in the US and/or other countries. The Government's rights to use. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. WHETHER IN AN ACTION OF CONTRACT.THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES. and/or sell copies of the Software. Use. display or disclose are restricted by paragraph (b)(3) of the Rights in Noncommercial Computer Software and Noncommercial Computer Soft-ware Documentation clause at DFAR 252. or otherwise. copy. Alternative III (Jun 87) and paragraph (c)(2) of the Commer-cial Computer Software-Restricted Rights clause at FAR 52.S. mechanical. Trademark Notice The trademarks. including in advertising or publicity pertaining to distribution of. STRICT LIABILITY. publish. without the prior written permission of NextHop Technologies. by implication. The Trademarks may not be used in any way. Inc. distrib-uted. none of the material provided as a part of this document may be copied. Confidential Copyright Notice Except as stated herein. INCLUDING. modify. displayed. but not lim-ited to. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. and communications regulations and statutes. including without limitation the rights to use. to any person obtaining a copy of this software and associated documentation files (the "Software"). LOSS OF USE. +1 734 222 1600. any downloaded and printed materials must be immediately destroyed. downloaded. release. THE SOFTWARE IS PROVIDED "AS IS". BUT NOT LIMITED TO. Government Restricted Rights The material in document is provided with "RESTRICTED RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM. Copyright (c) 1998.227-7014 (Jun 1995). free of charge. or otherwise. No material contained in this document may be "mirrored" on any server without written permission of NextHop. without prior. SPECIAL. OR PROFITS. including use. subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. copy.S. republished. 2000 Thai Open Source Software Center Ltd Permission is hereby granted.227-19 (Jun 1987). Inc. reproduce. including. recording. trademark laws. materials in this document. The Contractor/Licensor is NextHop located at 1911 Landings Drive. or disclosure by the Government is subject to restrictions as set forth in applicable laws and regulations. 1999. and the other restrictions and terms in paragraph (g)(3)(i) of Rights in Data-General clause at FAR 52. modify. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. electronic. OR CONSEQUENTIAL DAMAGES (INCLUDING. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY. Any questions concerning the use of these Trademarks should be referred to NextHop at U. DATA. distribute and download the materials in this doc-ument for personal. All rights reserved. Use of Trademarks as a "hot" link to any website is prohibited unless establishment of such a link is approved in advance in writing. EXEMPLARY. or access to. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.227-14. INCIDENTAL. INDIRECT. distribute. TORT OR OTHERWISE. sublicense. EXPRESS OR IMPLIED. 28 . written permission. DAMAGES OR OTHER LIABILITY. and to permit persons to whom the Software is furnished to do so. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The owners aggressively enforce their intellectual property rights to the fullest extent of the law. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. the laws of privacy and publicity. Nothing in this document should be construed as granting. service marks. government ("Government") in a transaction subject to the Federal Acquisition Regulations with Restricted Rights." Software and accompanying documentation are provided to the U. Mountain View. U. reproduced. Any unauthorized use of any material contained in this document may violate copyright laws. perform. or that of the original creator. to deal in the Software without restriction. BUT NOT LIMITED TO. non-commercial use only. The names of actual companies and products mentioned herein may be Trademarks of their respective owners. provided you do not modify the materials and that you retain all copy-right and other proprietary notices contained in the materials unless otherwise stated. Upon termination. merge. Copyright © 2003. Permission is granted to display. posted or transmitted in any form or by any means. Permission terminates automatically if any of these terms or condi-tions are breached. California 94043. Use of the material in this document by the Government constitutes acknowledgment of NextHop's proprietary rights in them.

OR CONSEQUENTIAL DAMAGES (INCLUDING. OR RELIABILITY OF. BUT NOT LIMITED TO. NON INFRINGEMENT OR OTHER VIOLATION OF RIGHTS. BUT NOT LIMITED TO.uk> University of Cambridge Computing Service. Copyright (c) 1997-2004 University of Cambridge All rights reserved. The documentation for PCRE. Written by: Philip Hazel <ph10@cam. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. Inc. ARISING OUT OF THE USE. are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice. Chapter 29 .9 Release PCRE LICENCE PCRE is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language. EXPRESSED OR IMPLIED. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. is distributed under the same terms as the software itself. THE MATERIAL IN THIS DOCUMENT. INCLUDING. NEXTHOP DISCLAIMS ALL WARRANTIES.Disclaimer Warranty Disclaimer Warranty Disclaimer Warranty Disclaimer Warranty THE MATERIAL IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. LLC 1991-2002. * Neither the name of the University of Cambridge nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. Release 5 of PCRE is distributed under the terms of the "BSD" licence. SPECIAL. INCLUDING. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. as specified below. THE MATERIAL IN THIS DOCUMENT. BIND: ISC Bind (Copyright (c) 2004 by Internet Systems Consortium. OR THE RESULTS OF THE USE OF. INDIRECT. SPECIAL. INDIRECT. England. EXEMPLARY. supplied in the "doc" directory. DATA. All Rights Reserved. BUT NOT LIMITED TO. BUT NOT LIMITED TO. Cambridge. this list of conditions and the following disclaimer. INCLUDING. WHETHER IN CONTRACT. INCIDENTAL. YOU ASSUME ANY COSTS THEREOF. IMPLIED WARRANTIES OF MERCHANTABILITY. Redistribution and use in source and binary forms. NEITHER NEXTHOP NOR ANY OTHER PROVIDER OR DEVELOPER OF MATERIAL CONTAINED IN THIS DOCUMENT WARRANTS OR MAKES ANY REPRESEN-TATIONS REGARDING THE USE. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES. IF YOUR USE OF MATERIAL FROM THIS DOCUMENT RESULTS IN THE NEED FOR SERVICING. OR PROFITS. FITNESS FOR A PARTICULAR PURPOSE. Limitation of Liability UNDER NO CIRCUMSTANCES SHALL NEXTHOP BE LIABLE FOR ANY DIRECT. TO THE FULLEST EXTENT POSSIBLE PURSUANT TO THE APPLICABLE LAW. LOSS OF USE. Theo de Raadt: the OpenBSD 2. * Redistributions in binary form must reproduce the above copyright notice. INCIDENTAL OR CONSEQUENTIAL DAMAGES. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. ACCURACY. with or without modification. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. Phone: +44 1223 334714. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. OR OTHERWISE RESPECTING. ("ISC")) Copyright 1997-2001. EVEN IF NEXTHOP OR A NEXTHOP AUTHORIZED REPRESENTATIVE HAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. VALIDITY. Copyright © ComponentOne. REPAIR OR CORRECTION OF EQUIPMENT OR DATA. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES. STRICT LIABILITY. SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT FULLY APPLY TO YOU. LOSS OF DATA OR PROFIT. OR THE INABILITY TO USE.ac.

30 .

.. 21 auto enable<product1><produc t2>.. 21 ca init 23 client add <gui_client> 22 client createlist <SMART_client1><SMAR T_client2>... 22 client get 22 fetch ca <target> 24 finger get 23 -h 24 ha enable/disable [norestart] 19 lic add -f <file name> 19 lic add -m <host><date><string><fea tures> 19 lic delete <license signature> 19 lic get 19 sic state 20 snmp activate[norestart] 23 enable or disable High Availability Module 19 F first running 14 I installation requirements 14 S sic cert_pull<management name IP><module object name> 20 sic init <passw> [norestart] 20 June 2006 31 . 23 client del <gui_client1><gui_client2 >....Index A API overview 15 auto get [fw1] [fg1][rt] [all] 21 snmp deactivate[norestart] 23 snmp get 23 E C cp_conf <cmd> -h 24 admin add [<username><passw>[c]<permissions>] 22 admin del <user1><user2>.. 22 admin get 22 auto disable <product1><product2>..

32 .