OPSEC

Check Point™ Command Line Cpconfig
OPSEC SDK 6.0

May 2006

© 2003-2006 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: ©2003-2006 Check Point Software Technologies Ltd. All rights reserved. Check Point, Application Intelligence, Check Point Express, the Check Point logo, AlertAdvisor, ClusterXL, Cooperative Enforcement, ConnectControl, Connectra, CoSa, Cooperative Security Alliance, Eventia, Eventia Analyzer, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, IMsecure, INSPECT, INSPECT XL, Integrity, InterSpect, IQ Engine, Open Security Extension, OPSEC, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureKnowledge, SecurePlatform, SecuRemote, SecureXL Turbocard, SecureServer, SecureUpdate, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, Smarter Security, SmartDashboard, SmartDefense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 VSX, VPN-1 XL, Web Intelligence, ZoneAlarm, ZoneAlarm Pro, Zone Labs, and the Zone Labs logo, are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935 and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications.

For third party notices, see “THIRD PARTY TRADEMARKS AND COPYRIGHTS” on page 25.

.

.......................................................................................................................................... 18 Functions........................................................... 10 Chapter 1 Introduction Overview ............................ 21 Administrators ......... 22 SMART Clients ................................................................................................................................................................................................................................................................................................................................................... 15 Chapter 2 API Functions Overview ........................ 31 Table of Contents 5 ........................... 14 Programming Model .............................................................. 9 What Typographic Variations Mean ............................................................................................................................................................................................................ 14 Cpconfig API Overview ........................................................................... 19 Licensing ............................. 23 SNMP Extension.......................................................................................................................................................................... 24 Index...................................... 23 Fetch Certificate Authority Files ................................. 20 Automatically Starting Check Point Modules..................... 22 Certificate Authority .................................................................................................Contents Preface Who Should Use This Guide....................... 24 Usage ................................................................................................ 14 Installation Requirements........................................................................................................................ 8 Summary of Contents ...................... 19 Secure Internal Communication (SIC) .................................. 19 Enable or Disable High Availability Module...........................................

6 .

Preface Preface P page 8 page 9 page 10 In This Chapter Who Should Use This Guide Summary of Contents What Typographic Variations Mean 7 .

This API specification is written for developers who write software to enhance the network security provided by VPN-1.Who Should Use This Guide Who Should Use This Guide This document describes the Command Line Cpconfig. It assumes that you have read the Check Point OPSEC API Specification. It also assumes that you have a basic understanding and a working knowledge of the following: • • • • • • system and network security the VPN-1 product system and network administration the C and/or C++ programming language the Unix or Windows operating system Internet protocols 8 .

Summary of Contents Summary of Contents This guide contains the following chapters: Chapter Chapter 1. “API Functions” Description This chapter introduces the concepts associated with cpconfig. “Introduction” Chapter 2. Preface 9 . All functions print results to stdout and upon success. exit with 0. This chapter describes the functions provided by the cpconfig command line.

on-screen computer output. server). Click on the Save AaBbCc123 AaBbCc123 Save button.login file. . files. TABLE P-1 Typographic Conventions Typeface or Symbol Meaning The names of commands. . session = sam_new_session (client. and directories. Use ls -a to list all files. server). but with emphasis Text that appears on an object in a window Replace the angle brackets and the text they contain with your text. . Lines of data or code omitted from example Example Edit your .What Typographic Variations Mean What Typographic Variations Mean The following table describes the typographic variations used in this book. . code same as above. machine_name% You have mail. line n 10 . line 1 line 2 .x x . session = sam_new_session (client. <your text> Edit the file <FWDIR>\lib\yourfile.

[item2] item1 | item2 | item3 italic Preface 11 . Specific values will be shown in italics Example dir [/o] dir [/o] [/w] [/s] copy infile1 | infile1 + infile2 |infile1 + infile2 + infile3 outfile one of addnet | addapp [item] [item1] . List of optional items Choose one of the items.What Typographic Variations Mean TABLE P-1 Typographic Conventions(continued) Typeface or Symbol Meaning The item is optional...

What Typographic Variations Mean 12 .

Chapter Introduction In This Chapter Overview Cpconfig API Overview 1 page 14 page 15 13 .

Programming Model These commands are available for use after the first running of cpconfig. Installation Requirements The Administrator must be root in order to run these commands. This document explains how to use the cpconfig command line.Overview Overview Command line cpconfig allows remote configuration of an existing VPN-1 installation so third party companies can write their own web interface. 14 .

Cpconfig API Overview Cpconfig API Overview The functions in cpconfig that are supported in the command line include both SmartCenter and module functions. Table 1-1 Overview of API functions function section title License Enable/Disable High Availability general purpose retrieving or adding licensing enables or disables Check Point High Availability Module/Status Synchronization Secure Internal Communication automatically starts Check Point Modules (Unix only) returns or allows editing of Administrators for manipulating GUI clients initialize certificate authority or show a certificate’s fingerprint get SNMP status. activate/deactivate SNMP (Unix only) fetch the certificate authority files provides specific usage for a command page 19 19 SIC Automatically Starting Check Point Modules Administrators SMART Clients Certificate Authority 20 21 22 22 23 SNMP Extension 23 Fetch CA Files Usage 24 24 Chapter 1 Introduction 15 . All functions print their results to stdout and exit with 0 on success.

Cpconfig API Overview 16 .

Chapter API Functions In This Chapter Overview Functions Licensing Enable or Disable High Availability Module Secure Internal Communication (SIC) Automatically Starting Check Point Modules Administrators SMART Clients Certificate Authority SNMP Extension Fetch Certificate Authority Files Usage 2 page 18 page 19 page 19 page 19 page 20 page 21 page 22 page 22 page 23 page 23 page 24 page 24 17 .

All functions print results to stdout and upon success. exit with 0. 18 .Overview Overview This chapter describes the functions provided by the cpconfig command line.

opsec.com. cp_conf lic get cp_conf lic get shows which licenses are currently installed on the machine from all Check Point products. cp_conf lic add -f <file name> cp_conf lic add -f <file name> adds licenses from a license file.Functions Functions The following are functions that can be used to increase flexibility via the cpconfig command line. cp_conf lic add -m <host><date><string><features> cp_conf lic add -m <host><date><string><features> adds a license manually. cp_conf lic delete <license signature> cp_conf lic delete <license signature> deletes a license from a license file. Each function is organized in a group under a logical topic heading. Enable or Disable High Availability Module The following functions enable or disable the High Availability Module. cp_conf ha enable/disable [norestart] cp_conf ha enable enables the High Availability Module. After enabling or disabling the High Availability Module the Administrator will receive the following message: Chapter 2 API Functions 19 . For further information on licensing centers see: http://www. The license file is provided when purchasing licenses via a licensing center. Licensing The following functions show which licenses are installed and how to add or delete licenses. cp_conf ha disable disables the High Availability Module. The license file should be copied to the remotely configured module.

The norestart flag has no meaning on NT. cp_conf sic state cp_conf sic state shows the current SIC state. The <modules obj name> is the object name defined in the management. 20 . Without the norestart flag the command will automatically restart the Check Point Modules (the command will perform cpstop). Secure Internal Communication (SIC) The following functions initialize SIC or show the current SIC state. If SIC was already initialized. or if trust was established. cp_conf sic cert_pull<management name/IP><module object name> In case of a dynamic address gateway (DAG) machine. this command pulls the certificate from the management selected in the command. cp_conf sic init <passw> [norestart] cp_conf sic init <passw> [norestart] initializes SIC. you must reboot your machine! Note . SIC is reset and the new password is set.Secure Internal Communication (SIC) Warning: In order for the changes to take place.

cp_conf auto enable <product1><product2>. cp_conf auto disable <product1><product2>. SmartView Reporter or all products installed The default is all. cp_conf auto get [fw1] [fg1][rm] [all] cp_conf auto get [fw1][fg1][rm][all] returns the state of automatic restart for: • • • • VPN-1..The norestart flag has no meaning on NT. Products can be: • • • VPN-1 FG1 RM or all The default is all.. enables the automatic restart of the specified product(s). FloodGate-1. cp_conf auto enable <product1><product2>. Products can be: • • • VPN-1 FG1 RM or all The default is all.. The following commands work on Unix machines only..Automatically Starting Check Point Modules Automatically Starting Check Point Modules The following functions report or set automatic states.. cp_conf auto disable <product1><product2>. disables the automatic restart of the specified product(s)... Chapter 2 API Functions 21 . Note ..

read only cp_conf admin del <user1><user2>. cp_conf client del <SMART_client1><SMART_client2>. cp_conf client add <SMART_client> cp_conf client add <SMART_client> adds one SMART Client at a time. cp_conf admin get cp_conf admin get returns the list of administrators currently defined.Administrators Administrators The following functions shows. deletes SMART Client(s). cp_conf admin del <user1><user2>. cp_conf client get cp_conf client get shows the SMART Client list. cp_conf admin add <username><passw><permissions> cp_conf admin add adds an Administrator to the list of Administrators.. cp_conf client del <SMART_client1><SMART_client2>.... deletes Administrators from the list of Administrators. adds or deletes administrators. Permissions can be: • • rw.read/write r.. SMART Clients The following functions allow the Administrator to manipulate SMART Clients.... 22 .

cp_conf finger get cp_conf finger get shows the finger print for a certificate. cp_conf snmp get cp_conf snmp get tells whether the SNMP status is active or inactive. Unless you choose the norestart flag. creates a new list of client(s) overriding a pre-existing list. cp_conf snmp deactivate [norestart] cp_conf snmp deactivate [norestart] deactivates SNMP.. Certificate Authority The following functions allow the Administrator to initialize certificate authority and show fingerprints.Certificate Authority cp_conf client createlist <SMART_client1><SMART_client2>... Chapter 2 API Functions 23 . VPN-1 will automatically restart. VPN-1 will automatically restart. cp_conf ca init cp_conf ca init initializes certificate authority. cp_conf client createlist <SMART_client1><SMART_client2>. cp_conf snmp activate [norestart] cp_conf snmp activate [norestart] activates SNMP. Unless you choose the norestart flag.. SNMP Extension The following functions allow the SNMP status and activate or deactivate SNMP.SNMP Extension commands are only available to Unix Machines. Note .

cp_conf -h cp_conf -h returns how cp_conf is being used. 24 .Fetch Certificate Authority Files Fetch Certificate Authority Files Before synchronization can occur between two managements. Usage The following functions return the usage for cp_conf or for a command. you must fetch the certificate authority (CA) files. cp_conf <cmd> -h cp_conf <cmd> -h returns a specific usage for the command. cp_conf fetch ca <management IP/name> cp_conf fetch ca <management IP/name> fetches the CA files.

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. LOSS OF USE. SPECIAL. The following statements refer to those portions of the software copyrighted by The OpenSSL Project. The following statements refer to those portions of the software copyrighted by University of Michigan. BUT NOT LIMITED TO. IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL. DAMAGES OR OTHER LIABILITY. INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. LOSS OF USE. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. Inc. DATA. This software is provided “as is” without express or implied warranty. WHETHER IN CONTRACT. OR PROFITS. All rights reserved. NEGLIGENCE OR OTHER TORTIOUS ACTION. Entrust’s logos and Entrust product and service names are also trademarks of Entrust Technologies. WHETHER IN AN ACTION OF CONTRACT. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. BUT NOT LIMITED TO. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES.CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE. Entrust Technologies Limited is a wholly owned subsidiary of Entrust Technologies. DATA OR PROFITS. THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES. STRICT LIABILITY. EXPRESS OR IMPLIED. STRICT LIABILITY. INCIDENTAL. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. in the United States and other countries. EXEMPLARY. WHETHER IN CONTRACT. modify. INDIRECT. Copyright 1997 by Carnegie Mellon University. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES.org/). ARISING FROM. Copyright © Sax Software (terminal emulation only). TORT OR OTHERWISE. INCIDENTAL. provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. Verisign is a trademark of Verisign Inc.THIRD PARTY TRADEMARKS AND COPYRIGHTS Entrust is a registered trademark of Entrust Technologies. 25 . THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. The following statements refer to those portions of the software copyrighted by Carnegie Mellon University. EXEMPLARY. Portions of the software copyright © 1992-1996 Regents of the University of Michigan. FireWall-1 and SecuRemote incorporate certificate management technology from Entrust. copy. OR CONSEQUENTIAL DAMAGES (INCLUDING. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT.openssl. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www. BUT NOT LIMITED TO. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM. The following statements refer to those portions of the software copyrighted by The Open Group. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. DATA. WHETHER IN AN ACTION OF CONTRACT. Inc. SPECIAL. BUT NOT LIMITED TO. INCLUDING. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. OR PROFITS. written prior permission. OR CONSEQUENTIAL DAMAGES (INCLUDING. THE SOFTWARE IS PROVIDED "AS IS". INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT. The following statements refer to those portions of the software copyrighted by Eric Young. and distribute this software and its documentation for any purpose and without fee is hereby granted. INCLUDING. Copyright © 1998 The Open Group. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. WITHOUT WARRANTY OF ANY KIND. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Inc. Permission to use. INDIRECT. and that the name of CMU not be used in advertising or publicity pertaining to distribution of the software without specific. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. All Rights Reserved.

1999. Portions relating to GD2 format copyright 1999. including a commercial application. either version 2 of the License. 2001. Portions relating to PNG copyright 1999.apache. 1998. 1998. DAMAGES OR OTHER LIABILITY. 2000. modify. 2000. publish. free of charge.c copyright 2001. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY. Permission has been granted to copy. 2002. sublicense. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 2002 by Cold Spring Harbor Laboratory. This program is distributed in the hope that it will be useful. 2002 Greg Roelofs. provided that this notice is present in user-accessible supporting documentation. but WITHOUT ANY WARRANTY. with respect to this code and accompanying documentation.4. 1997. Although their code does not appear in gd 2. Funded under Grant P41-RR02188 by the National Institutes of Health.You should have received a copy of the GNU General Public License along with this program.0 The curl license COPYRIGHT AND PERMISSION NOTICE Copyright (c) 1996 . 2002 Philip Warner. 1999. GDChart is free for use in your applications and for chart generation. modify. 2002 by Boutell. and to permit persons to whom the Software is furnished to do so. This notice may not be removed or altered from any source distribution. and distribute this software for any purpose with or without fee is hereby granted. Permission to use. Permission is hereby granted.org). copy. 1997. 2001. copy. Copyright. or (at your option) any later version. Portions relating to WBMP copyright 2000. write to the Free Software Foundation. 2002 John Ellson (ellson@graphviz. 2001. merge. The following statements refer to those portions of the software copyrighted by the Gnu Public License. without any express or implied warranty. Doug Becker and copyright (C) 1994. Cambridge." The copyright holders disclaim all warranties. including but not limited to implied warranties of merchantability and fitness for a particular purpose. <daniel@haxx. This software is based in part on the work of the Independent JPEG Group. an acknowledgment in the product documentation would be appreciated but is not required. Portions relating to JPEG and to color quantization copyright 2000. without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 2000. See the file README-JPEG. THE SOFTWARE IS PROVIDED "AS IS". 2000. 1998. to deal in the Software without restriction. and Hutchison Avenue Software Corporation for their prior contributions. Version 2.Com. Portions copyright 1994. 1996.org). Permission is granted to anyone to use this software for any purpose. including commercial applications. 2000. Bruce Verderaime. 2001. the authors wish to thank David Koblas.. Inc. This software is provided 'as-is'. If you have questions. 1996. and the intent is to assure proper credit for the authors of gd.org/licenses/LICENSE-2. 1995.The following statements refer to those portions of the software copyrighted by Jean-loup Gailly and Mark Adler Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler. The origin of this software must not be misrepresented.2004. TORT OR OTHERWISE. The following statements refer to those portions of the software copyrighted by Thai Open Source Software Center Ltd and Clark Cooper Copyright (c) 2001. subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. You may obtain a copy of the License at http://www. if not.c copyright 1999. Credit must be given in user-accessible documentation. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM.0 (the "License"). 2002 Expat maintainers. 2. 1999.0. distribute. Thomas G. 26 . 675 Mass Ave. 3. Any re-distributions of the code MUST reference the author. 2001. you must not claim that you wrote the original software. Daniel Stenberg. Portions relating to gdttf. ARISING FROM. This does not affect your ownership of the derived work itself. 1995. If you use this software in a product. Portions copyright 1996. Altered source versions must be plainly marked as such. you may not use this file except in compliance with the License.All rights reserved. MA 02139. not to interfere with your productive use of gd. subject to the following restrictions: 1. to any person obtaining a copy of this software and associated documentation files (the "Software"). This program is free software. 2001. 2001. ask. WHETHER IN AN ACTION OF CONTRACT. 2002 John Ellson (ellson@graphviz. In no event will the authors be held liable for any damages arising from the use of this software. 2001. 1998. 2001. USA. Lane. and/or sell copies of the Software. 1999. 2000. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. WITHOUT WARRANTY OF ANY KIND.TXT for more information. See the GNU General Public License for more details. 2000. "Derived works" includes all programs that utilize the library. 2002. 2002 Maurice Szmurlo and Johan Van den Brande.se>. and must not be misrepresented as being the original software. This software is provided "AS IS. Portions relating to gdft. and include any and all original documentation. provided that the above copyright notice and this permission notice appear in all copies. including without limitation the rights to use. EXPRESS OR IMPLIED. either express or implied. 1997. distribute and modify gd in any context without fee. you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation. Licensed under the Apache License. and to alter it and redistribute it freely. YOU MAY NOT re-distribute or represent the code as your own. Inc. David Rowley.

Redistribution and use in source and binary forms. Redistribution and use in source and binary forms. Once covered code has been published under a particular version of the license. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES. This product includes software written by Tim Hudson (tjh@cryptsoft.com). 2.co. this list of conditions and the following disclaimer. Redistributions of source code must retain the above copyright notice. the name of a copyright holder shall not be used in advertising or otherwise to promote the sale. with or without modification. The PHP Group may publish revised and/or new versions of the license from time to time.net/>". you may always continue to use it under the terms of that version. WHETHER IN AN ACTION OF CONTRACT. please see <http://www. BUT NOT LIMITED TO. No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License. Copyright (c) 2003.2004 The PHP Group. freely available at <http://www. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. Chapter 27 . INDIRECT.zend. WHETHER IN CONTRACT. 3. freely available from <http://www. 6. Itai Tzur <itzur@actcom. with or without modification. OR CONSEQUENTIAL DAMAGES (INCLUDING. Redistributions in binary form must reproduce the above copyright notice.il> All rights reserved. without prior written permission from group@php. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. are permitted provided that the following conditions are met: Redistribution of source code must retain the above copyright notice. EXPRESS OR IMPLIED. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. OR PROFITS. The PHP License. INCLUDING. use or other dealings in this Software without prior written authorization of the copyright holder. 4. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo" 5. DATA. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM. this list of conditions and the following disclaimer. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes PHP. ARISING FROM. EXEMPLARY. You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group. SPECIAL. For more information on the PHP Group and the PHP project. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE.net.php.0 Copyright (c) 1999 .net>. please contact group@php. STRICT LIABILITY. BUT NOT LIMITED TO. version 3. The name "PHP" must not be used to endorse or promote products derived from this software without prior written permission. DAMAGES OR OTHER LIABILITY. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY.net. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY.net. Neither the name of Itai Tzur nor the names of other contributors may be used to endorse or promote products derived from this software without specific prior written permission.com>. For written permission. TORT OR OTHERWISE. is permitted provided that the following conditions are met: 1. Products derived from this software may not be called "PHP". this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. INCIDENTAL. nor may "PHP" appear in their name.php. This product includes the Zend Engine. All rights reserved. WITHOUT WARRANTY OF ANY KIND. The PHP Group can be contacted via Email at group@php. Each version will be given a distinguishing version number.THE SOFTWARE IS PROVIDED "AS IS". Except as contained in this notice. LOSS OF USE.

California 94043. or disclosure by the Government is subject to restrictions as set forth in applicable laws and regulations. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. recording. Copyright © 2003.227-19 (Jun 1987). THE SOFTWARE IS PROVIDED "AS IS". Confidential Copyright Notice Except as stated herein. The names of actual companies and products mentioned herein may be Trademarks of their respective owners. perform. service marks. Use. republished. OR CONSEQUENTIAL DAMAGES (INCLUDING. WHETHER IN AN ACTION OF CONTRACT. without prior. Permission terminates automatically if any of these terms or condi-tions are breached. written permission. none of the material provided as a part of this document may be copied. mechanical. distribute and download the materials in this doc-ument for personal. including in advertising or publicity pertaining to distribution of. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. electronic. copy.S. Inc. Use of Trademarks as a "hot" link to any website is prohibited unless establishment of such a link is approved in advance in writing. the laws of privacy and publicity.227-7014 (Jun 1995)." Software and accompanying documentation are provided to the U. copy. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT. modify.THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES. release. DATA. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. distrib-uted. Alternative III (Jun 87) and paragraph (c)(2) of the Commer-cial Computer Software-Restricted Rights clause at FAR 52. or otherwise. The Trademarks may not be used in any way. distribute. non-commercial use only. or otherwise. EXEMPLARY. or that of the original creator. and logos (the "Trademarks") used and displayed in this document are registered and unregistered Trademarks of NextHop in the US and/or other countries. and to permit persons to whom the Software is furnished to do so. LOSS OF USE. sublicense. any downloaded and printed materials must be immediately destroyed. materials in this document. U. without the prior written permission of NextHop Technologies. 28 . publish. including without limitation the rights to use.S. subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. modify. The owners aggressively enforce their intellectual property rights to the fullest extent of the law. STRICT LIABILITY. 2004 NextHop Technologies. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY. The Government's rights to use. Any unauthorized use of any material contained in this document may violate copyright laws. estoppel. BUT NOT LIMITED TO. merge. provided you do not modify the materials and that you retain all copy-right and other proprietary notices contained in the materials unless otherwise stated. duplication. No material contained in this document may be "mirrored" on any server without written permission of NextHop. photocopying. All rights reserved. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM. posted or transmitted in any form or by any means. any license or right to use any Trademark displayed in the document. INDIRECT. displayed. Upon termination. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. to any person obtaining a copy of this software and associated documentation files (the "Software"). OR PROFITS. downloaded. by implication. and the other restrictions and terms in paragraph (g)(3)(i) of Rights in Data-General clause at FAR 52. 1999. INCLUDING. government ("Government") in a transaction subject to the Federal Acquisition Regulations with Restricted Rights. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. including. display or disclose are restricted by paragraph (b)(3) of the Rights in Noncommercial Computer Software and Noncommercial Computer Soft-ware Documentation clause at DFAR 252. EXPRESS OR IMPLIED. +1 734 222 1600. including use. and communications regulations and statutes. reproduce. Any questions concerning the use of these Trademarks should be referred to NextHop at U. Permission is granted to display. Government Restricted Rights The material in document is provided with "RESTRICTED RIGHTS. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. Trademark Notice The trademarks. and/or sell copies of the Software. reproduced. trademark laws. BUT NOT LIMITED TO. Inc. SPECIAL. WITHOUT WARRANTY OF ANY KIND. INCIDENTAL. Nothing in this document should be construed as granting. but not lim-ited to. The Contractor/Licensor is NextHop located at 1911 Landings Drive. Copyright (c) 1998. or access to. ARISING FROM. Use of the material in this document by the Government constitutes acknowledgment of NextHop's proprietary rights in them. WHETHER IN CONTRACT. 2000 Thai Open Source Software Center Ltd Permission is hereby granted.227-14. to deal in the Software without restriction. TORT OR OTHERWISE. free of charge.S. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. DAMAGES OR OTHER LIABILITY. Mountain View.

* Neither the name of the University of Cambridge nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. Redistribution and use in source and binary forms. * Redistributions in binary form must reproduce the above copyright notice. Chapter 29 . SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice. Release 5 of PCRE is distributed under the terms of the "BSD" licence. WHETHER IN CONTRACT. THE MATERIAL IN THIS DOCUMENT. SPECIAL. Cambridge. INCIDENTAL OR CONSEQUENTIAL DAMAGES. EXEMPLARY. BUT NOT LIMITED TO. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. BUT NOT LIMITED TO. YOU ASSUME ANY COSTS THEREOF. IMPLIED WARRANTIES OF MERCHANTABILITY. OR RELIABILITY OF. STRICT LIABILITY. INCLUDING. INCLUDING. The documentation for PCRE.uk> University of Cambridge Computing Service. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT. ACCURACY. INDIRECT. FITNESS FOR A PARTICULAR PURPOSE. supplied in the "doc" directory. OR THE RESULTS OF THE USE OF. NON INFRINGEMENT OR OTHER VIOLATION OF RIGHTS.9 Release PCRE LICENCE PCRE is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language. this list of conditions and the following disclaimer. REPAIR OR CORRECTION OF EQUIPMENT OR DATA. NEXTHOP DISCLAIMS ALL WARRANTIES. ARISING OUT OF THE USE. THE MATERIAL IN THIS DOCUMENT. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. BUT NOT LIMITED TO. DATA. with or without modification. EXPRESSED OR IMPLIED. Theo de Raadt: the OpenBSD 2. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. Inc. Phone: +44 1223 334714. OR CONSEQUENTIAL DAMAGES (INCLUDING. as specified below. OR OTHERWISE RESPECTING. BIND: ISC Bind (Copyright (c) 2004 by Internet Systems Consortium. VALIDITY. NEITHER NEXTHOP NOR ANY OTHER PROVIDER OR DEVELOPER OF MATERIAL CONTAINED IN THIS DOCUMENT WARRANTS OR MAKES ANY REPRESEN-TATIONS REGARDING THE USE. Copyright (c) 1997-2004 University of Cambridge All rights reserved. LLC 1991-2002. BUT NOT LIMITED TO. is distributed under the same terms as the software itself. Written by: Philip Hazel <ph10@cam.ac. IF YOUR USE OF MATERIAL FROM THIS DOCUMENT RESULTS IN THE NEED FOR SERVICING. Limitation of Liability UNDER NO CIRCUMSTANCES SHALL NEXTHOP BE LIABLE FOR ANY DIRECT. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. EVEN IF NEXTHOP OR A NEXTHOP AUTHORIZED REPRESENTATIVE HAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. England. LOSS OF USE. INCLUDING. INCIDENTAL. SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT FULLY APPLY TO YOU. OR PROFITS.Disclaimer Warranty Disclaimer Warranty Disclaimer Warranty Disclaimer Warranty THE MATERIAL IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. ("ISC")) Copyright 1997-2001. LOSS OF DATA OR PROFIT. All Rights Reserved. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. OR THE INABILITY TO USE. SPECIAL. TO THE FULLEST EXTENT POSSIBLE PURSUANT TO THE APPLICABLE LAW. Copyright © ComponentOne. INDIRECT.

30 .

.... 22 client get 22 fetch ca <target> 24 finger get 23 -h 24 ha enable/disable [norestart] 19 lic add -f <file name> 19 lic add -m <host><date><string><fea tures> 19 lic delete <license signature> 19 lic get 19 sic state 20 snmp activate[norestart] 23 enable or disable High Availability Module 19 F first running 14 I installation requirements 14 S sic cert_pull<management name IP><module object name> 20 sic init <passw> [norestart] 20 June 2006 31 . 21 ca init 23 client add <gui_client> 22 client createlist <SMART_client1><SMAR T_client2>... 23 client del <gui_client1><gui_client2 >.. 22 admin get 22 auto disable <product1><product2>.Index A API overview 15 auto get [fw1] [fg1][rt] [all] 21 snmp deactivate[norestart] 23 snmp get 23 E C cp_conf <cmd> -h 24 admin add [<username><passw>[c]<permissions>] 22 admin del <user1><user2>... 21 auto enable<product1><produc t2>..

32 .