Unsupported Commands
Commands listed in this section are only used for abnormal maintenance or customer support functions, or as a temporary workaround to limitations of the current software.
These commands are "unstable," which means that they may not be provided in future SunScreen product releases, or in versions for other operating systems.
ssadm lib/nattables
ssadm lib/screeninfo
ssadm lib/statetables
ssadm lib/support
ssadm SKIP commands
ssadm lib/nattables
ssadm lib/nattables lists the contents of internal NAT tables.
ssadm lib/screeninfo
ssadm lib/screeninfo runs in sequence several of the functions of the ssadm lib/screeninfo command, printing out a large set of information about the Screen and its current configuration.
Usage:
ssadm lib/screeninfo
The output of this command can be redirected to a file and may be requested by Sun's Support services if you encounter problems with your Screen.
ssadm lib/statetables -f
ssadm lib/statetables -f causes the Screen to flush (discard) all of its connection state information. This causes all previously active connections through the Screen to be effectively disconnected.
The -f option is often useful after activating a modified policy that disallows some traffic that was previously allowed. Without running statetables -f, you allow any previously existing connections to remain active even if the new policy does not allow them. Running statetables -f causes all previously existing state sessions to be disconnecte; the active policy applies to any subsequent connections.
The -fs or -f -s option sets all IKE security associations (SAs) that are in kernel SADB to "expired" by setting their lifetime to the current time. The expired SAs can be renegotiated if they are needed. This option does not apply to IPsec manual SAs. Manually-keyed SAs never expire.
ssadm lib/support
ssadm lib/support provides various diagnostic and status information that can be useful when requesting customer support for the SunScreen product.
Usage:
ssadm lib/support function parameters...
This information may be requested by Enterprise Services if you encounter problems with your Screen.
Note -
If you have any support issues, call your authorized service provider. For further information about support, use the following URL to contact Sun's Support services: http://www.sun.com/service/support/index.html.
The major functions are shown in the table below.
Table B-7 Support Command Functions|
Functions |
Description |
|---|---|
|
config |
Bring over configuration files for the active policy |
|
date |
Set and get current time/date (SET DATE WITH CAUTION!) |
|
disks |
Check disk space (df -k) |
|
eeprom |
Check eeprom settings |
|
findcore |
Check if a core file exists |
|
help |
Prints a listing of functions available for this command |
|
last |
Check boot history (last) |
|
packages |
Check pkginfo and patch history |
|
procs |
Check processes (ps -elf) |
|
skip |
Check contents of /etc/skip/ directory |
|
stats |
Check the kernel networking statistics (netstat -k) |
|
streams |
Check the STREAMS statistics (netstat -m) |
|
versions |
Bring over version information on major SunScreen components |
ss_client
ss_client is equivalent to the command of the same name provided with earlier SunScreen firewall products, such as SunScreen EFS, Release 2.0, or SunScreen SPF-200. ss_client is provided only for the purpose of remotely administering such products using the SunScreen system as a remote Administration Station.
Usage: ss_client hostname command
For information on how to use ss_client to administer an earlier SunScreen firewall product, see the documentation for that product.
- © 2010, Oracle Corporation and/or its affiliates