OPSEC

Check Point™ Command Line Cpconfig
OPSEC SDK 6.0

May 2006

© 2003-2006 Check Point Software Technologies Ltd.
All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice. RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19. TRADEMARKS: ©2003-2006 Check Point Software Technologies Ltd. All rights reserved. Check Point, Application Intelligence, Check Point Express, the Check Point logo, AlertAdvisor, ClusterXL, Cooperative Enforcement, ConnectControl, Connectra, CoSa, Cooperative Security Alliance, Eventia, Eventia Analyzer, FireWall-1, FireWall-1 GX, FireWall-1 SecureServer, FloodGate-1, Hacker ID, IMsecure, INSPECT, INSPECT XL, Integrity, InterSpect, IQ Engine, Open Security Extension, OPSEC, Policy Lifecycle Management, Provider-1, Safe@Home, Safe@Office, SecureClient, SecureKnowledge, SecurePlatform, SecuRemote, SecureXL Turbocard, SecureServer, SecureUpdate, SecureXL, SiteManager-1, SmartCenter, SmartCenter Pro, Smarter Security, SmartDashboard, SmartDefense, SmartLSM, SmartMap, SmartUpdate, SmartView, SmartView Monitor, SmartView Reporter, SmartView Status, SmartViewTracker, SofaWare, SSL Network Extender, Stateful Clustering, TrueVector, Turbocard, UAM, User-to-Address Mapping, UserAuthority, VPN-1, VPN-1 Accelerator Card, VPN-1 Edge, VPN-1 Pro, VPN-1 SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, VPN-1 VSX, VPN-1 XL, Web Intelligence, ZoneAlarm, ZoneAlarm Pro, Zone Labs, and the Zone Labs logo, are trademarks or registered trademarks of Check Point Software Technologies Ltd. or its affiliates. All other product names mentioned herein are trademarks or registered trademarks of their respective owners. The products described in this document are protected by U.S. Patent No. 5,606,668, 5,835,726, 6,496,935 and 6,850,943 and may be protected by other U.S. Patents, foreign patents, or pending applications.

For third party notices, see “THIRD PARTY TRADEMARKS AND COPYRIGHTS” on page 25.

.

............................................................... 24 Usage ................................. 18 Functions................... 14 Programming Model ........... 10 Chapter 1 Introduction Overview .......................................................................................................................................................................................................... 14 Installation Requirements......................... 21 Administrators ........................................................................................................................................................................................................................................................................................... 31 Table of Contents 5 ............................... 23 Fetch Certificate Authority Files ..................................................................... 14 Cpconfig API Overview ............................................... 22 SMART Clients ........................ 22 Certificate Authority ........ 19 Enable or Disable High Availability Module............................................................. 8 Summary of Contents ...........................................................................................Contents Preface Who Should Use This Guide......................................... 24 Index......................................................................................... 9 What Typographic Variations Mean ............................................................................................................ 23 SNMP Extension..................................................................................... 20 Automatically Starting Check Point Modules.................. 19 Secure Internal Communication (SIC) ......................................................................................................... 15 Chapter 2 API Functions Overview ....................................................................................................................................................................... 19 Licensing ...............................................................................................................

6 .

Preface Preface P page 8 page 9 page 10 In This Chapter Who Should Use This Guide Summary of Contents What Typographic Variations Mean 7 .

This API specification is written for developers who write software to enhance the network security provided by VPN-1. It assumes that you have read the Check Point OPSEC API Specification.Who Should Use This Guide Who Should Use This Guide This document describes the Command Line Cpconfig. It also assumes that you have a basic understanding and a working knowledge of the following: • • • • • • system and network security the VPN-1 product system and network administration the C and/or C++ programming language the Unix or Windows operating system Internet protocols 8 .

“API Functions” Description This chapter introduces the concepts associated with cpconfig. exit with 0.Summary of Contents Summary of Contents This guide contains the following chapters: Chapter Chapter 1. Preface 9 . “Introduction” Chapter 2. This chapter describes the functions provided by the cpconfig command line. All functions print results to stdout and upon success.

code same as above. but with emphasis Text that appears on an object in a window Replace the angle brackets and the text they contain with your text. on-screen computer output. Lines of data or code omitted from example Example Edit your .x x .What Typographic Variations Mean What Typographic Variations Mean The following table describes the typographic variations used in this book. <your text> Edit the file <FWDIR>\lib\yourfile. machine_name% You have mail. . line n 10 . session = sam_new_session (client. Use ls -a to list all files. files. . server). . TABLE P-1 Typographic Conventions Typeface or Symbol Meaning The names of commands. server). Click on the Save AaBbCc123 AaBbCc123 Save button.login file. line 1 line 2 . . and directories. session = sam_new_session (client.

List of optional items Choose one of the items. [item2] item1 | item2 | item3 italic Preface 11 . Specific values will be shown in italics Example dir [/o] dir [/o] [/w] [/s] copy infile1 | infile1 + infile2 |infile1 + infile2 + infile3 outfile one of addnet | addapp [item] [item1] ...What Typographic Variations Mean TABLE P-1 Typographic Conventions(continued) Typeface or Symbol Meaning The item is optional.

What Typographic Variations Mean 12 .

Chapter Introduction In This Chapter Overview Cpconfig API Overview 1 page 14 page 15 13 .

14 . This document explains how to use the cpconfig command line.Overview Overview Command line cpconfig allows remote configuration of an existing VPN-1 installation so third party companies can write their own web interface. Programming Model These commands are available for use after the first running of cpconfig. Installation Requirements The Administrator must be root in order to run these commands.

activate/deactivate SNMP (Unix only) fetch the certificate authority files provides specific usage for a command page 19 19 SIC Automatically Starting Check Point Modules Administrators SMART Clients Certificate Authority 20 21 22 22 23 SNMP Extension 23 Fetch CA Files Usage 24 24 Chapter 1 Introduction 15 .Cpconfig API Overview Cpconfig API Overview The functions in cpconfig that are supported in the command line include both SmartCenter and module functions. All functions print their results to stdout and exit with 0 on success. Table 1-1 Overview of API functions function section title License Enable/Disable High Availability general purpose retrieving or adding licensing enables or disables Check Point High Availability Module/Status Synchronization Secure Internal Communication automatically starts Check Point Modules (Unix only) returns or allows editing of Administrators for manipulating GUI clients initialize certificate authority or show a certificate’s fingerprint get SNMP status.

Cpconfig API Overview 16 .

Chapter API Functions In This Chapter Overview Functions Licensing Enable or Disable High Availability Module Secure Internal Communication (SIC) Automatically Starting Check Point Modules Administrators SMART Clients Certificate Authority SNMP Extension Fetch Certificate Authority Files Usage 2 page 18 page 19 page 19 page 19 page 20 page 21 page 22 page 22 page 23 page 23 page 24 page 24 17 .

Overview Overview This chapter describes the functions provided by the cpconfig command line. 18 . All functions print results to stdout and upon success. exit with 0.

cp_conf lic delete <license signature> cp_conf lic delete <license signature> deletes a license from a license file. cp_conf lic get cp_conf lic get shows which licenses are currently installed on the machine from all Check Point products. Licensing The following functions show which licenses are installed and how to add or delete licenses. After enabling or disabling the High Availability Module the Administrator will receive the following message: Chapter 2 API Functions 19 . Each function is organized in a group under a logical topic heading. cp_conf lic add -m <host><date><string><features> cp_conf lic add -m <host><date><string><features> adds a license manually.Functions Functions The following are functions that can be used to increase flexibility via the cpconfig command line. cp_conf ha enable/disable [norestart] cp_conf ha enable enables the High Availability Module.com. cp_conf lic add -f <file name> cp_conf lic add -f <file name> adds licenses from a license file. cp_conf ha disable disables the High Availability Module. The license file should be copied to the remotely configured module. Enable or Disable High Availability Module The following functions enable or disable the High Availability Module. The license file is provided when purchasing licenses via a licensing center. For further information on licensing centers see: http://www.opsec.

SIC is reset and the new password is set. 20 . Without the norestart flag the command will automatically restart the Check Point Modules (the command will perform cpstop).The norestart flag has no meaning on NT. you must reboot your machine! Note . cp_conf sic cert_pull<management name/IP><module object name> In case of a dynamic address gateway (DAG) machine. or if trust was established. Secure Internal Communication (SIC) The following functions initialize SIC or show the current SIC state. cp_conf sic state cp_conf sic state shows the current SIC state. cp_conf sic init <passw> [norestart] cp_conf sic init <passw> [norestart] initializes SIC. If SIC was already initialized.Secure Internal Communication (SIC) Warning: In order for the changes to take place. this command pulls the certificate from the management selected in the command. The <modules obj name> is the object name defined in the management.

. The following commands work on Unix machines only. disables the automatic restart of the specified product(s).Automatically Starting Check Point Modules Automatically Starting Check Point Modules The following functions report or set automatic states.. FloodGate-1.. cp_conf auto enable <product1><product2>. Note ... cp_conf auto disable <product1><product2>. cp_conf auto enable <product1><product2>. Chapter 2 API Functions 21 .. cp_conf auto get [fw1] [fg1][rm] [all] cp_conf auto get [fw1][fg1][rm][all] returns the state of automatic restart for: • • • • VPN-1. enables the automatic restart of the specified product(s). Products can be: • • • VPN-1 FG1 RM or all The default is all. Products can be: • • • VPN-1 FG1 RM or all The default is all.. cp_conf auto disable <product1><product2>.. SmartView Reporter or all products installed The default is all.The norestart flag has no meaning on NT.

. adds or deletes administrators. deletes SMART Client(s). cp_conf client del <SMART_client1><SMART_client2>. SMART Clients The following functions allow the Administrator to manipulate SMART Clients... 22 . cp_conf admin del <user1><user2>. cp_conf admin add <username><passw><permissions> cp_conf admin add adds an Administrator to the list of Administrators.. cp_conf client del <SMART_client1><SMART_client2>. cp_conf client get cp_conf client get shows the SMART Client list. Permissions can be: • • rw.. deletes Administrators from the list of Administrators.. cp_conf admin get cp_conf admin get returns the list of administrators currently defined.. cp_conf client add <SMART_client> cp_conf client add <SMART_client> adds one SMART Client at a time.read/write r.Administrators Administrators The following functions shows..read only cp_conf admin del <user1><user2>.

cp_conf snmp deactivate [norestart] cp_conf snmp deactivate [norestart] deactivates SNMP. creates a new list of client(s) overriding a pre-existing list. VPN-1 will automatically restart.SNMP Extension commands are only available to Unix Machines. Note .Certificate Authority cp_conf client createlist <SMART_client1><SMART_client2>. cp_conf client createlist <SMART_client1><SMART_client2>. Chapter 2 API Functions 23 . cp_conf finger get cp_conf finger get shows the finger print for a certificate. Unless you choose the norestart flag.... SNMP Extension The following functions allow the SNMP status and activate or deactivate SNMP. Unless you choose the norestart flag. cp_conf snmp get cp_conf snmp get tells whether the SNMP status is active or inactive. VPN-1 will automatically restart. cp_conf ca init cp_conf ca init initializes certificate authority.. Certificate Authority The following functions allow the Administrator to initialize certificate authority and show fingerprints. cp_conf snmp activate [norestart] cp_conf snmp activate [norestart] activates SNMP.

Usage The following functions return the usage for cp_conf or for a command. cp_conf -h cp_conf -h returns how cp_conf is being used. cp_conf <cmd> -h cp_conf <cmd> -h returns a specific usage for the command. cp_conf fetch ca <management IP/name> cp_conf fetch ca <management IP/name> fetches the CA files.Fetch Certificate Authority Files Fetch Certificate Authority Files Before synchronization can occur between two managements. you must fetch the certificate authority (CA) files. 24 .

ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. IN NO EVENT SHALL THE OPEN GROUP BE LIABLE FOR ANY CLAIM. SPECIAL. SPECIAL. Redistribution and use in source and binary forms are permitted provided that this notice is preserved and that due credit is given to the University of Michigan at Ann Arbor. Permission to use. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. WHETHER IN AN ACTION OF CONTRACT. Inc. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. FireWall-1 and SecuRemote incorporate certificate management technology from Entrust. INDIRECT. BUT NOT LIMITED TO. OR PROFITS. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. INDIRECT. provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation. INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT. and that the name of CMU not be used in advertising or publicity pertaining to distribution of the software without specific. The following statements refer to those portions of the software copyrighted by The OpenSSL Project. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. IN NO EVENT SHALL CMU BE LIABLE FOR ANY SPECIAL. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www. in the United States and other countries. LOSS OF USE. 25 . OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. DAMAGES OR OTHER LIABILITY. INCLUDING. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.openssl. written prior permission. OR CONSEQUENTIAL DAMAGES (INCLUDING. All rights reserved. LOSS OF USE. Entrust’s logos and Entrust product and service names are also trademarks of Entrust Technologies. DATA OR PROFITS. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. Portions of the software copyright © 1992-1996 Regents of the University of Michigan. EXEMPLARY.org/). copy. Verisign is a trademark of Verisign Inc. THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY * EXPRESSED OR IMPLIED WARRANTIES. The name of the University may not be used to endorse or promote products derived from this software without specific prior written permission. WHETHER IN AN ACTION OF CONTRACT. INCLUDING. modify. INCIDENTAL. Copyright 1997 by Carnegie Mellon University. and distribute this software and its documentation for any purpose and without fee is hereby granted. NEGLIGENCE OR OTHER TORTIOUS ACTION. INCIDENTAL. THE SOFTWARE IS PROVIDED "AS IS". Copyright © 1998 The Open Group. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. BUT NOT LIMITED TO. Inc. DATA. All Rights Reserved. Entrust Technologies Limited is a wholly owned subsidiary of Entrust Technologies. OR CONSEQUENTIAL DAMAGES (INCLUDING. Inc. The following statements refer to those portions of the software copyrighted by Carnegie Mellon University. DATA. EXPRESS OR IMPLIED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. STRICT LIABILITY. BUT NOT LIMITED TO. WHETHER IN CONTRACT. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY. This software is provided “as is” without express or implied warranty. ARISING FROM. OR PROFITS. The following statements refer to those portions of the software copyrighted by Eric Young. The following statements refer to those portions of the software copyrighted by University of Michigan. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. WITHOUT WARRANTY OF ANY KIND. Copyright © Sax Software (terminal emulation only). The following statements refer to those portions of the software copyrighted by The Open Group.THIRD PARTY TRADEMARKS AND COPYRIGHTS Entrust is a registered trademark of Entrust Technologies. EXEMPLARY. WHETHER IN CONTRACT. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES.CMU DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE. TORT OR OTHERWISE. BUT NOT LIMITED TO. STRICT LIABILITY.

Licensed under the Apache License. either express or implied. TORT OR OTHERWISE. David Rowley.0 The curl license COPYRIGHT AND PERMISSION NOTICE Copyright (c) 1996 . 2002 Expat maintainers. EXPRESS OR IMPLIED. 2001. Daniel Stenberg.org). including without limitation the rights to use. 1995. 3. <daniel@haxx. Portions relating to PNG copyright 1999. THE SOFTWARE IS PROVIDED "AS IS". Permission has been granted to copy. Permission is granted to anyone to use this software for any purpose. write to the Free Software Foundation. an acknowledgment in the product documentation would be appreciated but is not required. 1997. Although their code does not appear in gd 2. subject to the following restrictions: 1. The origin of this software must not be misrepresented. Credit must be given in user-accessible documentation.2004. free of charge. you must not claim that you wrote the original software. 675 Mass Ave. "Derived works" includes all programs that utilize the library. and Hutchison Avenue Software Corporation for their prior contributions. distribute. Copyright. Doug Becker and copyright (C) 1994. 2002 by Cold Spring Harbor Laboratory. and to permit persons to whom the Software is furnished to do so. Portions relating to JPEG and to color quantization copyright 2000. Portions copyright 1994. Portions relating to WBMP copyright 2000.Com. Any re-distributions of the code MUST reference the author. modify. 2002. 2000. Permission is hereby granted. 2001. not to interfere with your productive use of gd. if not. USA. 2002 John Ellson (ellson@graphviz. 1997.apache.. with respect to this code and accompanying documentation. 2002 John Ellson (ellson@graphviz. 2001. Portions relating to GD2 format copyright 1999. including a commercial application. modify. Cambridge. This does not affect your ownership of the derived work itself. the authors wish to thank David Koblas. ask. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM. 2001. 2002 by Boutell. 1999. If you use this software in a product. Portions relating to gdft. 2000. and include any and all original documentation. 2000. to any person obtaining a copy of this software and associated documentation files (the "Software"). This software is provided 'as-is'.The following statements refer to those portions of the software copyrighted by Jean-loup Gailly and Mark Adler Copyright (C) 1995-2002 Jean-loup Gailly and Mark Adler.se>. you may not use this file except in compliance with the License. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 1999. and/or sell copies of the Software.c copyright 2001. GDChart is free for use in your applications and for chart generation. 2001. Inc. 1995. 2000. and distribute this software for any purpose with or without fee is hereby granted. 2000. 2002 Philip Warner. Portions relating to gdttf. 1999. This program is free software.You should have received a copy of the GNU General Public License along with this program. 1998. Lane. publish. DAMAGES OR OTHER LIABILITY. Funded under Grant P41-RR02188 by the National Institutes of Health. 1996. YOU MAY NOT re-distribute or represent the code as your own. ARISING FROM. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Inc.org). See the file README-JPEG. and the intent is to assure proper credit for the authors of gd. Permission to use. MA 02139. 1998. 2001. 2002. This software is based in part on the work of the Independent JPEG Group.TXT for more information.org/licenses/LICENSE-2. Version 2. 1996. 2001. 2002 Maurice Szmurlo and Johan Van den Brande. copy. 2000. Bruce Verderaime." The copyright holders disclaim all warranties. 1999. provided that this notice is present in user-accessible supporting documentation. provided that the above copyright notice and this permission notice appear in all copies. sublicense. This software is provided "AS IS.0. 26 . and to alter it and redistribute it freely. 2002 Greg Roelofs. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY. 1997. This notice may not be removed or altered from any source distribution. you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation. If you have questions. See the GNU General Public License for more details. and must not be misrepresented as being the original software. 2001. Altered source versions must be plainly marked as such. Thomas G. You may obtain a copy of the License at http://www. 1998. but WITHOUT ANY WARRANTY. distribute and modify gd in any context without fee. without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Portions copyright 1996.4. This program is distributed in the hope that it will be useful.0 (the "License"). WITHOUT WARRANTY OF ANY KIND.c copyright 1999. subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. including but not limited to implied warranties of merchantability and fitness for a particular purpose. or (at your option) any later version. to deal in the Software without restriction.All rights reserved. The following statements refer to those portions of the software copyrighted by Thai Open Source Software Center Ltd and Clark Cooper Copyright (c) 2001. including commercial applications. 2000. 2001. The following statements refer to those portions of the software copyrighted by the Gnu Public License. 1998. 2. merge. WHETHER IN AN ACTION OF CONTRACT. without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. either version 2 of the License. copy.

WITHOUT WARRANTY OF ANY KIND.php. 6. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. are permitted provided that the following conditions are met: Redistribution of source code must retain the above copyright notice. The name "PHP" must not be used to endorse or promote products derived from this software without prior written permission. For written permission. You may also choose to use such covered code under the terms of any subsequent version of the license published by the PHP Group. Redistributions of source code must retain the above copyright notice. Products derived from this software may not be called "PHP". OR CONSEQUENTIAL DAMAGES (INCLUDING. Each version will be given a distinguishing version number.php. 3. the name of a copyright holder shall not be used in advertising or otherwise to promote the sale. STRICT LIABILITY. Redistribution and use in source and binary forms. use or other dealings in this Software without prior written authorization of the copyright holder. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes PHP.com). INCLUDING. INCIDENTAL. INDIRECT. is permitted provided that the following conditions are met: 1. All rights reserved.il> All rights reserved. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. The PHP Group can be contacted via Email at group@php.com>. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. 4.THE SOFTWARE IS PROVIDED "AS IS".net. This software consists of voluntary contributions made by many individuals on behalf of the PHP Group. you may always continue to use it under the terms of that version. freely available from <http://www. For more information on the PHP Group and the PHP project. freely available at <http://www. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY.net/>". This product includes software written by Tim Hudson (tjh@cryptsoft.net. Redistributions in binary form must reproduce the above copyright notice. THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES. Itai Tzur <itzur@actcom.net. WHETHER IN CONTRACT. OR PROFITS. EXPRESS OR IMPLIED. This product includes the Zend Engine. without prior written permission from group@php. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. this list of conditions and the following disclaimer. Copyright (c) 2003. DATA.0 Copyright (c) 1999 . EXEMPLARY. this list of conditions and the following disclaimer.zend. The PHP Group may publish revised and/or new versions of the license from time to time. LOSS OF USE. WHETHER IN AN ACTION OF CONTRACT. with or without modification. Redistribution and use in source and binary forms. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. with or without modification. 2. No one other than the PHP Group has the right to modify the terms applicable to covered code created under this License. please contact group@php. BUT NOT LIMITED TO.co. Once covered code has been published under a particular version of the license. ARISING FROM. please see <http://www. nor may "PHP" appear in their name. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP" instead of calling it "PHP Foo" or "phpfoo" 5. The PHP License. version 3. Neither the name of Itai Tzur nor the names of other contributors may be used to endorse or promote products derived from this software without specific prior written permission. Chapter 27 . SPECIAL. BUT NOT LIMITED TO. DAMAGES OR OTHER LIABILITY.2004 The PHP Group. TORT OR OTHERWISE. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Except as contained in this notice. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.net>.

EXEMPLARY. sublicense. reproduced. merge. republished. The Trademarks may not be used in any way. by implication. without prior. OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Any questions concerning the use of these Trademarks should be referred to NextHop at U. display or disclose are restricted by paragraph (b)(3) of the Rights in Noncommercial Computer Software and Noncommercial Computer Soft-ware Documentation clause at DFAR 252. displayed. without the prior written permission of NextHop Technologies. Trademark Notice The trademarks. or that of the original creator. to deal in the Software without restriction. SPECIAL. INCIDENTAL. government ("Government") in a transaction subject to the Federal Acquisition Regulations with Restricted Rights. WITHOUT WARRANTY OF ANY KIND. Inc. written permission.S. The owners aggressively enforce their intellectual property rights to the fullest extent of the law. Upon termination. copy. or access to. LOSS OF USE. 2004 NextHop Technologies. and communications regulations and statutes. WHETHER IN CONTRACT. photocopying. Copyright (c) 1998. OR CONSEQUENTIAL DAMAGES (INCLUDING. STRICT LIABILITY. none of the material provided as a part of this document may be copied. materials in this document. INCLUDING. THE SOFTWARE IS PROVIDED "AS IS".227-19 (Jun 1987). Use of the material in this document by the Government constitutes acknowledgment of NextHop's proprietary rights in them. publish. BUT NOT LIMITED TO. any downloaded and printed materials must be immediately destroyed. including use. including.S. or disclosure by the Government is subject to restrictions as set forth in applicable laws and regulations. Copyright © 2003. FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. DATA. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. The Government's rights to use. including without limitation the rights to use. and the other restrictions and terms in paragraph (g)(3)(i) of Rights in Data-General clause at FAR 52. modify. but not lim-ited to. OR PROFITS. EXPRESS OR IMPLIED. 2000 Thai Open Source Software Center Ltd Permission is hereby granted. Permission is granted to display. duplication.S. INDIRECT. or otherwise. Alternative III (Jun 87) and paragraph (c)(2) of the Commer-cial Computer Software-Restricted Rights clause at FAR 52. Mountain View. trademark laws. and logos (the "Trademarks") used and displayed in this document are registered and unregistered Trademarks of NextHop in the US and/or other countries. The Contractor/Licensor is NextHop located at 1911 Landings Drive. and to permit persons to whom the Software is furnished to do so. Permission terminates automatically if any of these terms or condi-tions are breached. downloaded. modify. distribute. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. Nothing in this document should be construed as granting. TORT OR OTHERWISE. Confidential Copyright Notice Except as stated herein. Government Restricted Rights The material in document is provided with "RESTRICTED RIGHTS. +1 734 222 1600. U. estoppel. subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. Any unauthorized use of any material contained in this document may violate copyright laws. 1999. INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY. Use. reproduce. service marks. mechanical.227-14. BUT NOT LIMITED TO. WHETHER IN AN ACTION OF CONTRACT. and/or sell copies of the Software. The names of actual companies and products mentioned herein may be Trademarks of their respective owners. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM. posted or transmitted in any form or by any means. free of charge. release. distrib-uted. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. copy. provided you do not modify the materials and that you retain all copy-right and other proprietary notices contained in the materials unless otherwise stated. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT. or otherwise. recording. non-commercial use only. All rights reserved. perform. Inc. electronic. the laws of privacy and publicity. including in advertising or publicity pertaining to distribution of.227-7014 (Jun 1995).THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES. 28 . ARISING FROM. No material contained in this document may be "mirrored" on any server without written permission of NextHop. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. distribute and download the materials in this doc-ument for personal. Use of Trademarks as a "hot" link to any website is prohibited unless establishment of such a link is approved in advance in writing. any license or right to use any Trademark displayed in the document." Software and accompanying documentation are provided to the U. California 94043. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. to any person obtaining a copy of this software and associated documentation files (the "Software"). DAMAGES OR OTHER LIABILITY.

LOSS OF USE. with or without modification. OR RELIABILITY OF. OR PROFITS. The documentation for PCRE. Inc. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES. INCLUDING. BIND: ISC Bind (Copyright (c) 2004 by Internet Systems Consortium. England. TO THE FULLEST EXTENT POSSIBLE PURSUANT TO THE APPLICABLE LAW. LLC 1991-2002. INCIDENTAL OR CONSEQUENTIAL DAMAGES. DATA. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES. Phone: +44 1223 334714. INCIDENTAL. INCLUDING. BUT NOT LIMITED TO. BUT NOT LIMITED TO. THE MATERIAL IN THIS DOCUMENT. ARISING OUT OF THE USE. this list of conditions and the following disclaimer. Cambridge.ac. EXEMPLARY. * Redistributions in binary form must reproduce the above copyright notice. INDIRECT. OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE. NON INFRINGEMENT OR OTHER VIOLATION OF RIGHTS. this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT. LOSS OF DATA OR PROFIT. FITNESS FOR A PARTICULAR PURPOSE.9 Release PCRE LICENCE PCRE is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language. as specified below. IMPLIED WARRANTIES OF MERCHANTABILITY. All Rights Reserved. VALIDITY. THE MATERIAL IN THIS DOCUMENT. STRICT LIABILITY. BUT NOT LIMITED TO. OR THE INABILITY TO USE.uk> University of Cambridge Computing Service.Disclaimer Warranty Disclaimer Warranty Disclaimer Warranty Disclaimer Warranty THE MATERIAL IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. Redistribution and use in source and binary forms. EXPRESSED OR IMPLIED. is distributed under the same terms as the software itself. SPECIAL. NEITHER NEXTHOP NOR ANY OTHER PROVIDER OR DEVELOPER OF MATERIAL CONTAINED IN THIS DOCUMENT WARRANTS OR MAKES ANY REPRESEN-TATIONS REGARDING THE USE. NEXTHOP DISCLAIMS ALL WARRANTIES. Limitation of Liability UNDER NO CIRCUMSTANCES SHALL NEXTHOP BE LIABLE FOR ANY DIRECT. Release 5 of PCRE is distributed under the terms of the "BSD" licence. WHETHER IN CONTRACT. * Neither the name of the University of Cambridge nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. Theo de Raadt: the OpenBSD 2. are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice. BUT NOT LIMITED TO. OR CONSEQUENTIAL DAMAGES (INCLUDING. SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT FULLY APPLY TO YOU. SPECIAL. IF YOUR USE OF MATERIAL FROM THIS DOCUMENT RESULTS IN THE NEED FOR SERVICING. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY. THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. INCLUDING. ACCURACY. Copyright © ComponentOne. EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. OR OTHERWISE RESPECTING. REPAIR OR CORRECTION OF EQUIPMENT OR DATA. supplied in the "doc" directory. YOU ASSUME ANY COSTS THEREOF. INDIRECT. Written by: Philip Hazel <ph10@cam. EVEN IF NEXTHOP OR A NEXTHOP AUTHORIZED REPRESENTATIVE HAS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. OR THE RESULTS OF THE USE OF. Chapter 29 . Copyright (c) 1997-2004 University of Cambridge All rights reserved. ("ISC")) Copyright 1997-2001. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES.

30 .

.. 22 admin get 22 auto disable <product1><product2>.Index A API overview 15 auto get [fw1] [fg1][rt] [all] 21 snmp deactivate[norestart] 23 snmp get 23 E C cp_conf <cmd> -h 24 admin add [<username><passw>[c]<permissions>] 22 admin del <user1><user2>. 23 client del <gui_client1><gui_client2 >....... 22 client get 22 fetch ca <target> 24 finger get 23 -h 24 ha enable/disable [norestart] 19 lic add -f <file name> 19 lic add -m <host><date><string><fea tures> 19 lic delete <license signature> 19 lic get 19 sic state 20 snmp activate[norestart] 23 enable or disable High Availability Module 19 F first running 14 I installation requirements 14 S sic cert_pull<management name IP><module object name> 20 sic init <passw> [norestart] 20 June 2006 31 . 21 auto enable<product1><produc t2>... 21 ca init 23 client add <gui_client> 22 client createlist <SMART_client1><SMAR T_client2>.

32 .