execute vpn

vpn

This topic includes the following commands:

• execute vpn certificate ca export tftp
• execute vpn certificate ca import auto
• execute vpn certificate ca import bundle
• execute vpn certificate ca import est
• execute vpn certificate ca import tftp
• execute vpn certificate crl import auto
• execute vpn certificate ems_ca import tftp
• execute vpn certificate hsm-local gch-get-versions
• execute vpn certificate hsm-local status
• execute vpn certificate hsm-local verify
• execute vpn certificate local export tftp
• execute vpn certificate local generate cmp-ec
• execute vpn certificate local generate cmp-rsa
• execute vpn certificate local generate default-gui-mgmt-cert
• execute vpn certificate local generate default-ssl-ca
• execute vpn certificate local generate default-ssl-ca-untrusted
• execute vpn certificate local generate default-ssl-key-certs
• execute vpn certificate local generate default-ssl-serv-key
• execute vpn certificate local generate ec
• execute vpn certificate local generate est
• execute vpn certificate local generate rsa
• execute vpn certificate local import tftp
• execute vpn certificate local verify
• execute vpn certificate remote export tftp
• execute vpn certificate remote import tftp
• execute vpn ikecrypt dhperf compute
• execute vpn ikecrypt dhperf generate
• execute vpn ipsec tunnel down
• execute vpn ipsec tunnel up
• execute vpn sslvpn del-all
• execute vpn sslvpn del-tunnel
• execute vpn sslvpn del-web
• execute vpn sslvpn list

execute vpn certificate ca export tftp

Export CA certificate to a TFTP server.

execute vpn certificate ca export tftp <string> <string> <ip>

Parameter	Description	Type	Size
<string>	CA certificate name.	string
<string>	File name on the TFTP server.	string
<ip>	IP address of TFTP server.	string

execute vpn certificate ca import auto

Import CA certificate via SCEP.

execute vpn certificate ca import auto <string> <string> <ip> <fingerprint>

Parameter	Description	Type	Size
<string>	URL of the CA server.	string
<string>	CA Identifier (optional).	string
<ip>	Source-IP for communications to the CA server (optional).	string
<fingerprint>	Fingerprint for authenticating CA certificate from server (optional).	string

execute vpn certificate ca import bundle

Import certificate bundle from a TFTP server.

execute vpn certificate ca import bundle <string> <ip>

Parameter	Description	Type	Size
<string>	File name on the TFTP server.	string
<ip>	IP address of TFTP server.	string

execute vpn certificate ca import est

Import CA certificate via EST.

execute vpn certificate ca import est <string> <string> <string> <string> <ip> <string> <string> <string> <string>

Parameter	Description	Type	Size
<string>	URL of the CA server. (e.g. https://example.com:1234).	string
<string>	CA Identifier (optional).	string
<string>	Verify CA server using this certificate (optional).	string
<string>	Client certificate (optional).	string
<ip>	Source-IP for communications to the CA server (optional).	string
<string>	TLS-SRP Username (optional).	string
<string>	TLS-SRP Password (optional).	string
<string>	HTTP Authentication Username (optional).	string
<string>	HTTP Authentication Password (optional).	string

execute vpn certificate ca import tftp

Import CA certificate from a TFTP server.

execute vpn certificate ca import tftp <string> <tftp server>

Parameter	Description	Type	Size
<string>	File name on the TFTP server.	string
<tftp server>	TFTP server IPv4, IPv6, or FQDN.	string

execute vpn certificate crl import auto

Update CRL.

execute vpn certificate crl import auto <string>

Parameter	Description	Type	Size
<string>	CRL name.	string

execute vpn certificate ems_ca import tftp

Import Testing EMS CA certificate from a TFTP server.

execute vpn certificate ems_ca import tftp <string> <tftp server>

Parameter	Description	Type	Size
<string>	File name on the TFTP server.	string
<tftp server>	TFTP server IPv4, IPv6, or FQDN.	string

execute vpn certificate hsm-local gch-get-versions

List available crypto-key-versions.

execute vpn certificate hsm-local gch-get-versions <string> <string>

Parameter	Description	Type	Size
<string>	hsm-local certificate name.	string
<string>	Access token or JSON Web Token to be used as bearer token in request.	string

execute vpn certificate hsm-local status

Status check for an hsm-local certificate.

execute vpn certificate hsm-local status <string> <string>

Parameter	Description	Type	Size
<string>	hsm-local certificate name.	string
<string>	Access token or JSON Web Token to be used as bearer token in request.	string

execute vpn certificate hsm-local verify

Verify between hsm-local certificate and its private key.

execute vpn certificate hsm-local verify <string> <string>

Parameter	Description	Type	Size
<string>	hsm-local certificate name.	string
<string>	Access token or JSON Web Token to be used as bearer token in request.	string

execute vpn certificate local export tftp

Export local certificate or certificate request to a TFTP server.

execute vpn certificate local export tftp <string> <string> <string> <tftp server>

Parameter	Description	Type	Size
<string>	Local certificate name.	string
<string>	Certificate file type ('cer'|'p12'|'csr').	string
<string>	File name on the TFTP server.	string
<tftp server>	TFTP server IPv4, IPv6, or FQDN.	string

execute vpn certificate local generate cmp-ec

Generate a ECDSA certificate request over CMPv2.

execute vpn certificate local generate cmp-ec <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip>

Parameter	Description	Type	Size
<string>	Local certificate name.	string
<string>	Elliptic curve name: secp256r1, secp384r1 and secp521r1.	string
<string>	Server ('ADDRESS:PORT' for CMP server).	string
<string>	Path (Path location inside CMP server)	string
<string>	SrvCert (CMDB name of CMP server's certificate/root-CA)	string
<string>	AuthCert (CMDB name of client's current certificate)	string
<string>	User (Username for doing the IR with a pre-shared key)	string
<string>	Password (Password for doing the IR with a pre-shared key)	string
<string>	Subject (optional, e.g. "CN=User,O=Org,OU=Unit").	string
<string>	Subject alternative name (optional, e.g. "DNS:dns1.com,IP:192.168.1.99").	string
<ip>	Source-IP for communications to the CMP server (optional).	string

execute vpn certificate local generate cmp-rsa

Generate a RSA certificate request over CMPv2.

execute vpn certificate local generate cmp-rsa <string> <number> <string> <string> <string> <string> <string> <string> <string> <string> <ip>

Parameter	Description	Type	Size
<string>	Local certificate name.	string
<number>	Key size: 1024, 1536, 2048, 4096.	string
<string>	Server ('ADDRESS:PORT' for CMP server, add 'https://' before address to enable ssl/tls).	string
<string>	Path (Path location inside CMP server)	string
<string>	SrvCert (CMDB name of CMP server's certificate/root-CA)	string
<string>	AuthCert (CMDB name of client's current certificate)	string
<string>	User (Username for doing the IR with a pre-shared key)	string
<string>	Password (Password for doing the IR with a pre-shared key)	string
<string>	Subject (optional, e.g. "CN=User,O=Org,OU=Unit").	string
<string>	Subject alternative name (optional, e.g. "DNS:dns1.com,IP:192.168.1.99").	string
<ip>	Source-IP for communications to the CMP server (optional).	string

execute vpn certificate local generate default-gui-mgmt-cert

Generate the default GUI mgmt admin-server certificate.

execute vpn certificate local generate default-gui-mgmt-cert

execute vpn certificate local generate default-ssl-ca

Generate the default CA certificate used by SSL Inspection.

execute vpn certificate local generate default-ssl-ca

execute vpn certificate local generate default-ssl-ca-untrusted

Generate the default untrusted CA certificate used by SSL Inspection.

execute vpn certificate local generate default-ssl-ca-untrusted

execute vpn certificate local generate default-ssl-key-certs

Generate the default RSA, DSA and ECDSA key certs for ssl resign.

execute vpn certificate local generate default-ssl-key-certs

execute vpn certificate local generate default-ssl-serv-key

Generate the default server key used by SSL Inspection.

execute vpn certificate local generate default-ssl-serv-key

execute vpn certificate local generate ec

Generate an elliptic curve certificate request.

execute vpn certificate local generate ec <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip> <string> <string> <string> <string>

Parameter	Description	Type	Size
<string>	Local certificate name.	string
<string>	Elliptic curve name: secp256r1, secp384r1 and secp521r1.	string
<string>	Subject (Host IP/Domain Name/E-Mail).	string
<string>	Country name (e.g. Canada) or country code (e.g. ca).	string
<string>	State.	string
<string>	City.	string
<string>	Org.	string
<string>	Unit(s); ',' as delimiter.	string
<string>	Email.	string
<string>	Subject alternative name (optional).	string
<string>	URL of the CA server for signing via SCEP (optional).	string
<string>	Challenge password for signing via SCEP (optional).	string
<ip>	Source-IP for communications to the CA server (optional).	string
<string>	CA identifier of the CA server for signing via SCEP (optional).	string
<string>	Password for private-key (optional).	string
<string>	Installed CA certificate for generating fingerprint for validating CA from SCEP server (optional).	string
<string>	Fingerprint for authenticating CA certificate from SCEP server. Ignored if valid CA for generating fingerprint is specified (optional).	string

execute vpn certificate local generate est

Generate an certificate via Enrollment over Secure Transport.

execute vpn certificate local generate est <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip> <string> <string>

Parameter	Description	Type	Size
<string>	Local certificate name.	string
<string>	Cryptography algorithm: rsa-1024, rsa-1536, rsa-2048, rsa-4096, ec-secp256r1, ec-secp384r1, ec-secp521r1	string
<string>	URL of the CA server. (e.g. https://example.com:1234).	string
<string>	Subject (optional, e.g. "CN=User,O=Org,OU=Unit").	string
<string>	Subject alternative name (optional, e.g. "DNS:dns1.com,IP:192.168.1.99").	string
<string>	HTTP Authentication Username (optional).	string
<string>	HTTP Authentication Password (optional).	string
<string>	CA Identifier (optional).	string
<string>	CA Server certificate (optional).	string
<string>	Password for private-key (optional).	string
<string>	Client certificate (optional).	string
<ip>	Source-IP for communications to the CA server (optional).	string
<string>	TLS-SRP Username (optional).	string
<string>	TLS-SRP Password (optional).	string

execute vpn certificate local generate rsa

Generate a RSA certificate request.

execute vpn certificate local generate rsa <string> <number> <string> <string> <string> <string> <string> <string> <string> <string> <string> <string> <ip> <string> <string> <string> <string>

Parameter	Description	Type	Size
<string>	Local certificate name.	string
<number>	Key size: 1024, 1536, 2048, 4096.	string
<string>	Subject (Host IP/Domain Name/E-Mail).	string
<string>	Country name (e.g. Canada) or country code (e.g. ca).	string
<string>	State.	string
<string>	City.	string
<string>	Org.	string
<string>	Unit(s); ',' as delimiter.	string
<string>	Email.	string
<string>	Subject alternative name (optional).	string
<string>	URL of the CA server for signing via SCEP (optional).	string
<string>	Challenge password for signing via SCEP (optional).	string
<ip>	Source-IP for communications to the CA server (optional).	string
<string>	CA identifier of the CA server for signing via SCEP (optional).	string
<string>	Password for private-key (optional).	string
<string>	Installed CA certificate for generating fingerprint for validating CA from SCEP server (optional).	string
<string>	Fingerprint for authenticating CA certificate from SCEP server. Ignored if valid CA for generating fingerprint is specified (optional).	string

execute vpn certificate local import tftp

Import the signed certificate from a TFTP server.

execute vpn certificate local import tftp <string> <tftp server> <string> <Enter>|<passwd>

Parameter	Description	Type	Size
<string>	File name on the TFTP server.	string
<tftp server>	TFTP server IPv4, IPv6, or FQDN.	string
<string>	Certificate file type ('cer'|'p12').	string
<Enter>|<passwd>	Password for PKCS12 file.	string

execute vpn certificate local verify

Verify certificate and private key files match and regenerate if mismatched.

execute vpn certificate local verify <string>

Parameter	Description	Type	Size
<string>	Local certificate name.	string

execute vpn certificate remote export tftp

Export REMOTE certificate to a TFTP server.

execute vpn certificate remote export tftp <string> <string> <tftp server>

Parameter	Description	Type	Size
<string>	REMOTE certificate name.	string
<string>	File name on the TFTP server.	string
<tftp server>	TFTP server IPv4, IPv6, or FQDN.	string

execute vpn certificate remote import tftp

Import REMOTE certificate from a TFTP server.

execute vpn certificate remote import tftp <string> <tftp server>

Parameter	Description	Type	Size
<string>	File name on the TFTP server.	string
<tftp server>	TFTP server IPv4, IPv6, or FQDN.	string

execute vpn ikecrypt dhperf compute

Run DH generate and compute benchmark.

execute vpn ikecrypt dhperf compute <rounds>

Parameter	Description	Type	Size
<rounds>	Number of DH generate and compute rounds to perform per group <1-100000>.	string

execute vpn ikecrypt dhperf generate

Run DH generate benchmark.

execute vpn ikecrypt dhperf generate <rounds>

Parameter	Description	Type	Size
<rounds>	Number of DH generate rounds to perform per group <1-100000>.	string

execute vpn ipsec tunnel down

Shut down the specified IPsec tunnel.

execute vpn ipsec tunnel down <phase2> <phase1> <serial>

Parameter	Description	Type	Size
<phase2>	Phase2 name.	string
<phase1>	Phase1 name.	string
<serial>	Phase2 serial number.	string

execute vpn ipsec tunnel up

Activate the specified IPsec tunnel.

execute vpn ipsec tunnel up <phase2> <phase1> <serial>

Parameter	Description	Type	Size
<phase2>	Phase2 name.	string
<phase1>	Phase1 name.	string
<serial>	Phase2 serial number.	string

execute vpn sslvpn del-all

Delete all connections under current VDOM.

execute vpn sslvpn del-all <tunnel>

Parameter	Description	Type	Size
<tunnel>	Press <Enter> to delete all or type "tunnel" to delete sesison only.	string

execute vpn sslvpn del-tunnel

Delete session connection.

execute vpn sslvpn del-tunnel <index>

Parameter	Description	Type	Size
<index>	Session index.	string

execute vpn sslvpn del-web

Delete web connection.

execute vpn sslvpn del-web <index>

Parameter	Description	Type	Size
<index>	Web index.	string

execute vpn sslvpn list

List connections.

execute vpn sslvpn list <web|tunnel>

Parameter	Description	Type	Size
<web|tunnel>	Web or session.	string