execute vpn
vpn
This topic includes the following commands:
- execute vpn certificate ca export tftp
- execute vpn certificate ca import auto
- execute vpn certificate ca import bundle
- execute vpn certificate ca import tftp
- execute vpn certificate crl import auto
- execute vpn certificate ems_ca import tftp
- execute vpn certificate local export tftp
- execute vpn certificate local generate cmp
- execute vpn certificate local generate default-gui-mgmt-cert
- execute vpn certificate local generate default-ssl-ca
- execute vpn certificate local generate default-ssl-ca-untrusted
- execute vpn certificate local generate default-ssl-key-certs
- execute vpn certificate local generate default-ssl-serv-key
- execute vpn certificate local generate ec
- execute vpn certificate local generate rsa
- execute vpn certificate local import tftp
- execute vpn certificate local verify
- execute vpn certificate remote export tftp
- execute vpn certificate remote import tftp
- execute vpn ikecrypt dhperf compute
- execute vpn ikecrypt dhperf generate
- execute vpn ipsec tunnel down
- execute vpn ipsec tunnel up
- execute vpn sslvpn del-all
- execute vpn sslvpn del-tunnel
- execute vpn sslvpn del-web
- execute vpn sslvpn list
execute vpn certificate ca export tftp
Export CA certificate to a TFTP server.
execute vpn certificate ca export tftp <string> <string> <ip>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
CA certificate name. |
string |
|
|
<string> |
File name on the TFTP server. |
string |
|
|
<ip> |
IP address of TFTP server. |
string |
|
execute vpn certificate ca import auto
Import CA certificate via SCEP.
execute vpn certificate ca import auto <string> <string> <ip> <fingerprint>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
URL of the CA server. |
string |
|
|
<string> |
CA Identifier (optional). |
string |
|
|
<ip> |
Source-IP for communications to the CA server (optional). |
string |
|
|
<fingerprint> |
Fingerprint for authenticating CA certificate from server (optional). |
string |
|
execute vpn certificate ca import bundle
Import certificate bundle from a TFTP server.
execute vpn certificate ca import bundle <string> <ip>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
File name on the TFTP server. |
string |
|
|
<ip> |
IP address of TFTP server. |
string |
|
execute vpn certificate ca import tftp
Import CA certificate from a TFTP server.
execute vpn certificate ca import tftp <string> <tftp server>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
File name on the TFTP server. |
string |
|
|
<tftp server> |
TFTP server IPv4, IPv6, or FQDN. |
string |
|
execute vpn certificate crl import auto
Update CRL.
execute vpn certificate crl import auto <string>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
CRL name. |
string |
|
execute vpn certificate ems_ca import tftp
Import Testing EMS CA certificate from a TFTP server.
execute vpn certificate ems_ca import tftp <string> <tftp server>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
File name on the TFTP server. |
string |
|
|
<tftp server> |
TFTP server IPv4, IPv6, or FQDN. |
string |
|
execute vpn certificate local export tftp
Export local certificate or certificate request to a TFTP server.
execute vpn certificate local export tftp <string> <string> <string> <tftp server>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
Local certificate name. |
string |
|
|
<string> |
Certificate file type ('cer'|'p12'|'csr'). |
string |
|
|
<string> |
File name on the TFTP server. |
string |
|
|
<tftp server> |
TFTP server IPv4, IPv6, or FQDN. |
string |
|
execute vpn certificate local generate cmp
Generate a certificate request over CMPv2.
execute vpn certificate local generate cmp <string> <number> <string> <string> <string> <string> <string> <string> <string> <string> <ip>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
Local certificate name. |
string |
|
|
<number> |
Key size: 1024, 1536, 2048, 4096. |
string |
|
|
<string> |
Server ('ADDRESS:PORT' for CMP server, add 'https://' before address to enable ssl/tls). |
string |
|
|
<string> |
Path (Path location inside CMP server) |
string |
|
|
<string> |
SrvCert (CMDB name of CMP server's certificate/root-CA) |
string |
|
|
<string> |
AuthCert (CMDB name of client's current certificate) |
string |
|
|
<string> |
User (Username for doing the IR with a pre-shared key) |
string |
|
|
<string> |
Password (Password for doing the IR with a pre-shared key) |
string |
|
|
<string> |
Subject (optional, e.g. "CN=User,O=Org,OU=Unit"). |
string |
|
|
<string> |
Subject alternative name (optional, e.g. "DNS:dns1.com,IP:192.168.1.99"). |
string |
|
|
<ip> |
Source-IP for communications to the CMP server (optional). |
string |
|
execute vpn certificate local generate default-gui-mgmt-cert
Generate the default GUI mgmt admin-server certificate.
execute vpn certificate local generate default-gui-mgmt-cert
execute vpn certificate local generate default-ssl-ca
Generate the default CA certificate used by SSL Inspection.
execute vpn certificate local generate default-ssl-ca
execute vpn certificate local generate default-ssl-ca-untrusted
Generate the default untrusted CA certificate used by SSL Inspection.
execute vpn certificate local generate default-ssl-ca-untrusted
execute vpn certificate local generate default-ssl-key-certs
Generate the default RSA, DSA and ECDSA key certs for ssl resign.
execute vpn certificate local generate default-ssl-key-certs
execute vpn certificate local generate default-ssl-serv-key
Generate the default server key used by SSL Inspection.
execute vpn certificate local generate default-ssl-serv-key
execute vpn certificate local generate ec
Generate an elliptic curve certificate request.
execute vpn certificate local generate ec <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip> <string> <string> <string> <string>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
Local certificate name. |
string |
|
|
<string> |
Elliptic curve name: secp256r1, secp384r1 and secp521r1. |
string |
|
|
<string> |
Subject (Host IP/Domain Name/E-Mail). |
string |
|
|
<string> |
Country name (e.g. Canada) or country code (e.g. ca). |
string |
|
|
<string> |
State. |
string |
|
|
<string> |
City. |
string |
|
|
<string> |
Org. |
string |
|
|
<string> |
Unit(s); ',' as delimiter. |
string |
|
|
<string> |
Email. |
string |
|
|
<string> |
Subject alternative name (optional). |
string |
|
|
<string> |
URL of the CA server for signing via SCEP (optional). |
string |
|
|
<string> |
Challenge password for signing via SCEP (optional). |
string |
|
|
<ip> |
Source-IP for communications to the CA server (optional). |
string |
|
|
<string> |
CA identifier of the CA server for signing via SCEP (optional). |
string |
|
|
<string> |
Password for private-key (optional). |
string |
|
|
<string> |
Installed CA certificate for generating fingerprint for validating CA from SCEP server (optional). |
string |
|
|
<string> |
Fingerprint for authenticating CA certificate from SCEP server. Ignored if valid CA for generating fingerprint is specified (optional). |
string |
|
execute vpn certificate local generate rsa
Generate a RSA certificate request.
execute vpn certificate local generate rsa <string> <number> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip> <string> <string> <string> <string>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
Local certificate name. |
string |
|
|
<number> |
Key size: 1024, 1536, 2048, 4096. |
string |
|
|
<string> |
Subject (Host IP/Domain Name/E-Mail). |
string |
|
|
<string> |
Country name (e.g. Canada) or country code (e.g. ca). |
string |
|
|
<string> |
State. |
string |
|
|
<string> |
City. |
string |
|
|
<string> |
Org. |
string |
|
|
<string> |
Unit(s); ',' as delimiter. |
string |
|
|
<string> |
Email. |
string |
|
|
<string> |
Subject alternative name (optional). |
string |
|
|
<string> |
URL of the CA server for signing via SCEP (optional). |
string |
|
|
<string> |
Challenge password for signing via SCEP (optional). |
string |
|
|
<ip> |
Source-IP for communications to the CA server (optional). |
string |
|
|
<string> |
CA identifier of the CA server for signing via SCEP (optional). |
string |
|
|
<string> |
Password for private-key (optional). |
string |
|
|
<string> |
Installed CA certificate for generating fingerprint for validating CA from SCEP server (optional). |
string |
|
|
<string> |
Fingerprint for authenticating CA certificate from SCEP server. Ignored if valid CA for generating fingerprint is specified (optional). |
string |
|
execute vpn certificate local import tftp
Import the signed certificate from a TFTP server.
execute vpn certificate local import tftp <string> <tftp server> <string> <Enter>|<passwd>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
File name on the TFTP server. |
string |
|
|
<tftp server> |
TFTP server IPv4, IPv6, or FQDN. |
string |
|
|
<string> |
Certificate file type ('cer'|'p12'). |
string |
|
|
<Enter>|<passwd> |
Password for PKCS12 file. |
string |
|
execute vpn certificate local verify
Verify certificate and private key files match and regenerate if mismatched.
execute vpn certificate local verify <string>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
Local certificate name. |
string |
|
execute vpn certificate remote export tftp
Export REMOTE certificate to a TFTP server.
execute vpn certificate remote export tftp <string> <string> <tftp server>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
REMOTE certificate name. |
string |
|
|
<string> |
File name on the TFTP server. |
string |
|
|
<tftp server> |
TFTP server IPv4, IPv6, or FQDN. |
string |
|
execute vpn certificate remote import tftp
Import REMOTE certificate from a TFTP server.
execute vpn certificate remote import tftp <string> <tftp server>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<string> |
File name on the TFTP server. |
string |
|
|
<tftp server> |
TFTP server IPv4, IPv6, or FQDN. |
string |
|
execute vpn ikecrypt dhperf compute
Run DH generate and compute benchmark.
execute vpn ikecrypt dhperf compute <rounds>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<rounds> |
Number of DH generate and compute rounds to perform per group <1-100000>. |
string |
|
execute vpn ikecrypt dhperf generate
Run DH generate benchmark.
execute vpn ikecrypt dhperf generate <rounds>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<rounds> |
Number of DH generate rounds to perform per group <1-100000>. |
string |
|
execute vpn ipsec tunnel down
Shut down the specified IPsec tunnel.
execute vpn ipsec tunnel down <phase2> <phase1> <serial>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<phase2> |
Phase2 name. |
string |
|
|
<phase1> |
Phase1 name. |
string |
|
|
<serial> |
Phase2 serial number. |
string |
|
execute vpn ipsec tunnel up
Activate the specified IPsec tunnel.
execute vpn ipsec tunnel up <phase2> <phase1> <serial>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<phase2> |
Phase2 name. |
string |
|
|
<phase1> |
Phase1 name. |
string |
|
|
<serial> |
Phase2 serial number. |
string |
|
execute vpn sslvpn del-all
Delete all connections under current VDOM.
execute vpn sslvpn del-all <tunnel>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<tunnel> |
Press <Enter> to delete all or type "tunnel" to delete tunnel only. |
string |
|
execute vpn sslvpn del-tunnel
Delete tunnel connection.
execute vpn sslvpn del-tunnel <index>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<index> |
Tunnel index. |
string |
|
execute vpn sslvpn del-web
Delete web connection.
execute vpn sslvpn del-web <index>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<index> |
Web index. |
string |
|
execute vpn sslvpn list
List tunnel connections.
execute vpn sslvpn list <web|tunnel>
|
Parameter |
Description |
Type |
Size |
|---|---|---|---|
|
<web|tunnel> |
Web or tunnel. |
string |
|