file - Load, save or clear all files related to the configuration
[1] file load (ftp | sftp | tftp) <file-server> [<directory-name>] [(<exclusion>)*]]
[2] file save (ftp | sftp | tftp) <file-server> [[<directory-name>] [(<exclusion>)*]]
[3] file (clear [(<exclusion>)*] | report | exchange)
When you load or save a logical configuration using the conf command, files related to that configuration such as TLS certificates are not loaded or saved. Normally, you will have to load or save them one by one using appropriate commands. For instance the tls command should be used to load or save TLS certificates. In some situation, it can be helpful to load or save all those files using a single command. That’s the main purpose of the file command. The file command allows you to load or save all files related to the configuration in a one operation. To this end, the file command automatically executes all appropriates commands to load or save files related to the configuration. To make this work, files located on remote file servers should be named using a naming policy described in theFILE NAMING POLICY section below.
The first usage form allows you to load all files related to the configuration from a remote file server. Only trusted file servers are allowed. Trusted file servers are defined with the access command. This usage form requires 2 mandatory arguments. The first argument is the protocol name (ftp, sftp, or tftp) and the second argument is the name or IP address of the file server. The optional third argument is the directory name on the file server from which files should be downloaded (see theFILE NAMING POLICY section below). If no directory name is specified, the default ’/’ directory is used.
The second usage form allows you to save all files related to the configuration on a remote trusted file server. The save usage form requires the same arguments described for the load usage form. Concerned files are those that are installed and active in the system (after using the apply command). Files that are loaded into the system and not yet activated by the apply command are not saved.
Loaded or saved file types are given below. For each file type, the executed command is specified.
• Administrator public SSH keys: admin ssh key load <key-id> ...
• SNMP client certificate: admin snmp certificate add ...
• Custom WAF rules for rWeb websites: waf rweb custom <site-name> ...
• Manager SSH public key: manager ssh public ...
• Manager SSH public key: manager ssh private ...
• Server TLS certificates: tls server (load | save) <tls-id> certificate ...
• Server TLS private keys: tls server (load | save) <tls-id> key ...
• Client TLS certificates: tls client (load | save) <tls-id> certificate ...
• Client TLS base 64 encoded of the PKCS12: tls client save <tls-id> pfx ...
• Client TLS clear password: tls client save <tls-id> password...
• Client TLS PKCS12 (certificate+key): tls client save <tls-id> pkcs12...
• Client TLS private keys: tls client save <tls-id> key ...
• The TLS system CA certificate: tls ca system certificate ...
• The TLS system CA private key: tls ca system key ...
• TLS third party CA certificates: tls ca third load <ca-id> ...
• Antivirus white list signatures: antivirus whitelist signature ...
Please note that there are some limitations when using the file command. Limitations are as follows:
• Administrator public SSH keys can only be loaded.
• SNMP client certificates can only be loaded.
• Client TLS components other than certificates can only be saved.
• TLS third party certificate can only be loaded.
• The system’s CA certificate can only be loaded in PEM format.
• URL list are not loaded or saved.
• Antivirus white list can only be loaded.
• Antivirus signatures are not loaded or saved.
In the third usage form, the clear keyword allows you to clear all downloaded files into the system. Loading and saving files are performed in background. You can use the report keyword to print a report on the last operations on files.
Finally the exchange keyword allows you to display a report on the active file exchanges (files that are being exchanged).
When loading, saving or clearing files, you can optionally specify file types that you want to exclude from the loading or saving operation. File types that you can exclude form the operation and associated keyword are as follows:
• antivirus.whitelist.signature: antivirus white list signatures.
• admin.snmp.certificate: SNMP client certificates.
• admin.ssh.key: administrator public SSH keys.
• tls.ca.system: system CA certificate and private key.
• tls.ca.third: third party CA certificates.
• tls.client: client certificates and other associated components.
• tls.server: server certificates and other associated components.
• waf.rweb.custom: custom WAF rules for rWeb websites.
As no file names are specified when loading or saving files, a simple naming rule is used to identify loaded or saved files . The rule is this: each file is named using the sequence of the command name, keywords and the identifier that are normally used to load or save that file separated by the dot (".") character. For instance the pkcs12 file associated to a Client TLS identified by the myId identifier is named: tls.client.pkcs12.myId. In the same way the system CA private key is named tls.ca.system.key.
apply (1) access (1) admin (1) antivirus (1) conf (1) job (1) system (1) tls (1) urllist (1) waf (1)
CacheGuard Technologies Ltd <www.cacheguard.com>
Send bug reports or comments to the above author.
Copyright (C) 2009-2024 CacheGuard - All rights reserved