9/12/24, 13:44 Command-line reference

Documentation | Support

Search eSupport

Using the Forcepoint DLP Protector CLI > Command-line

reference

Command-line reference
Deployment and Installation Center | Forcepoint DLP

Applies to:

Forcepoint DLP, v8.5.x, v8.6.x, v8.7.x, v8.8.x, v8.9.x

Following are general guidelines to using the CLI.

For admin users, use the help command to view a list of all available commands
All commands can be run with the "help" option to view detailed help about that
command. For example:
iface help

The CLI shell offers auto-complete for command names using the TAB key. For
example, typing the letter "i" plus TAB will display all commands that start with the
letter "i."
The CLI shell implements command history. Use the up/down arrows to
view/run/modify previously entered commands, sequentially.

Some commands' output may exceed the height of the screen. Use the terminal
software to scroll back and view all output.

All commands and their arguments are case sensitive.

Abbreviations are not accepted in the CLI; it is necessary to type the entire word.
The TAB button can be used to complete partially typed commands.
Some command output may exceed the length of the screen. Once the screen is
full, the CLI will prompt –more-. Use the spacebar to display the next screen.

Exit the command line interface

Syntax
exit

Description
View all fonts in this project
https://w w w .w ebsense.com/content/support/library/deployctr/v85/protector_cli_reference.aspx 1/11
9/12/24, 13:44 Command-line reference

Exits the user from the Forcepoint Protector CLI and returns to the login prompt or to a
wrapper shell environment.

Show CLI help messages

Syntax
help

Description
This command displays all available commands with a small description for each. The
list of available commands depends on the user's profile. All commands support the help
argument. When used, the command displays a help message relevant to that
command.

Example
Forcepoint1# dns help
dns: Configure or show DNS server(s) Usage: dns [list | delall] dns
[{add | del} <ipaddr>]

Accessing the basic configuration wizard

Syntax
wizard

Description
Opens the Forcepoint Protector Installation Wizard. The user can also run wizard
securecomm to go directly to the registration stage of the Wizard, where Data
Security Manager details are entered.

Example
Forcepoint1# wizard
Forcepoint1# wizard securecomm

Rebooting the protector

Syntax
reboot

Description
Reboots the protector. The protector is shut down and restarted immediately after the
command is executed.

Turning off the protector View all fonts in this project

https://w w w .w ebsense.com/content/support/library/deployctr/v85/protector_cli_reference.aspx 2/11
9/12/24, 13:44 Command-line reference

Syntax
shutdown

Description
Shuts down the protector. The protector is shut down and powered off immediately
after the command is executed.

Showing the Forcepoint Protector version

Syntax
version

Description
Displays the protector version information.

Example
Forcepoint1# version
This is Forcepoint Content Protector 8.6.0.009, Policy Engine 8.6.0.9
(Appliance 8.6.0.009)

Setting or showing the system date

Syntax
date [-d] [dd-mmm-yyyy]

Description
Sets or displays the date of the protector. By default, the command displays the
current date. Otherwise, the argument is used to set the date of the protector.

The "date" command is also a native Linux command. Root users can access the CLI
command by running it with its full path:
/opt/websense/neti/bin/date

Parameters
If the -d option is given, the date is displayed or set using an all digit format
(mm/dd/yyyy, for example: 07/31/2017). Otherwise, a dd-mmm-yyyy format is used.
dd is the day of the month [01 to 31] mmm is the month in abbreviated 3-letter format
[Jan, Feb, Mar, etc.] yyyy is the year [2016, 2017]

Example
Forcepoint1# date
31-Jul-2017

View all fonts in this project

https://w w w .w ebsense.com/content/support/library/deployctr/v85/protector_cli_reference.aspx 3/11
9/12/24, 13:44 Command-line reference

Setting or showing the system time

Syntax
time -h [HH[:MM[:SS]]]

Description
Sets or displays the time in the protector. By default, the command displays the
current time.

The "time" command is also a native Linux command. Root users can access the CLI
command by running it with its full path:
/opt/websense/neti/bin/time

Parameters
-u sets the time in UTC
-h displays a short usage message HH:MM:SS HH is the hour [00 to 24]
MM is the minutes [00 to 59]
SS is the seconds [00 to 59]

Example
Forcepoint1# time
17:55:03

Modify or show system time zone

Syntax
timezone [list, show, set <timezone>]

Description
Shows or sets the protector time zone.

Parameters
list displays a complete list of time zones that can be set in the Forcepoint
Protector
show displays the time zone set in the Forcepoint Protector (default option)
set <timezone> sets the time zone. The set command must be followed by the
name of the time zone to be selected, as listed using the list command. Note that
the names of the time zones are case-sensitive.

Default
When no argument is given, "show" is assumed.

View all fonts in this project

https://w w w .w ebsense.com/content/support/library/deployctr/v85/protector_cli_reference.aspx 4/11
9/12/24, 13:44 Command-line reference

Example
Forcepoint1# timezone set US/Hawaii

Viewing protector information

Syntax
info { cpu | memory | network | diag | uptime | hardware | features}
info stats [reset]

Description
Displays information about the Forcepoint protector.

Root users must access the CLI command by running it with its full path:

/opt/websense/neti/bin/info

Parameters
cpu displays the protector's CPU usage information.
memory displays the protector memory usage information.
network displays the protector's network settings including hostname, domain
name, IP address and routing table.

diag creates a diagnostic file to be used by Forcepoint technical services.

uptime displays the amount of time the protector has been up and operational.
features lists all the possible features available on this protector and what they
can do (monitor or block).
hardware displays hardware information including which network cards are
installed.
stats displays traffic statistics for each protocol being monitored; this is useful to
verify the operational status of the Protector.
stats reset resets all statistics counters to zero.

Example
Forcepoint1# info cpu
Processor 1: 1.3% loaded (98.7% idle)
Forcepoint1# info memory
Free physical memory 8.7%

Collecting statistics
Syntax
debug stats [-d] [-i <interval> | -n <count>]

Description
View all fonts in this project
https://w w w .w ebsense.com/content/support/library/deployctr/v85/protector_cli_reference.aspx 5/11
9/12/24, 13:44 Command-line reference

This command allows a user to collect statistics about network behavior over time. It
does so by running info stats at specified intervals for a given number of times. The
collected statistics are saved in a CSV file for easy manipulation and analysis in
spreadsheet tools such as Microsoft Excel. The resulting file is saved as:

opt/pa/log/collect_stats.csv.gz

Parameters
-d: delete previously recorded statistics information file, if one exists
interval: the interval in seconds between two runs that take a snapshot of the
statistics.
count: how many times the statistics snapshot should be taken.

Default
The default interval is every 60 seconds. The default number is 1440 (which is the
equivalent of 24 hours of statistics when the default interval of 60 is selected).

Example
Forcepoint# debug stats -d -i 120

Configure or show the DNS server(s)

Syntax
dns [list | delall] dns [{add | del}] <ip_address>]

Description
Lists, adds, or deletes DNS servers.

Parameters
list: displays a list of DNS servers in the protector
delall: deletes all DNS servers set in the protector
add: adds a DNS server specified by its IP address to the protector

del: deletes the DNS server denoted by the specified IP address

Example
Forcepoint1# dns add 192.168.15.3

Configure or show the default domain name(s)

Syntax
domain [list | delall] domain [{add (-m) | del} <domain>]

Description View all fonts in this project

https://w w w .w ebsense.com/content/support/library/deployctr/v85/protector_cli_reference.aspx 6/11
9/12/24, 13:44 Command-line reference

Lists, adds, or deletes default domain names in the protector.

Parameters
list: displays a list of configured default domain names in the protector

delall: deletes all default domain names set in the protector

add: adds a default domain name specified by <domain> to the protector

Use the -m switch to set a domain as main. The main domain is the domain that
the protector is actually is a member of. Without the 1m switch a search domain is
created. For the protector to resolve a domain this domain is searched as well.
There may be many search domains, but only one main domain.
del: deletes the default domain name denoted by <domain> from the protector

Example
Forcepoint1# domain add example.com

Configure or show the default gateway

Syntax
gateway <ip_address>
gateway [list | delete]

Description
By default, displays the current defined gateway. Using the parameters, it is possible
to set or delete the default gateway of the protector.

Parameters
ipaddr: when given, the ipaddr is used as a default gateway for the protector.

list: shows the configured default gateway.

delete: deletes the defined default gateway.

If this command is run from a remote SSH session, the session may terminate.

Example
Forcepoint1# gateway 192.168.10.254

Configure or show the hostname

Syntax
hostname <name>

Description
View all fonts in this project
https://w w w .w ebsense.com/content/support/library/deployctr/v85/protector_cli_reference.aspx 7/11
9/12/24, 13:44 Command-line reference

Displays the current hostname. The parameter can also set a unique name by which to
identify the protector.

Parameters
If a name is given, the hostname is set to the given name. Otherwise, the hostname is
displayed.

Example
Forcepoint1# hostname 1Tokyo

Configure or show interface information

Syntax
iface [list]
iface ifname [ip <ip_address>] [prefix <prefix>] [bcast <bcastaddr>]
[speed <speed>] [duplex <duplex>] [mgmt] [enable|disable] [descr
<description>]

Description
Configures and displays the protector's network interface information. When invoked
without arguments or with the list option, the command displays a list of all available
interfaces in the system. When invoked with only an interface name, the command
shows detailed information about that interface. Any other invocation method
configures the interface denoted in ifname.

Note
Use a console connection to the protector when using
this command to configure the management interface,
(and not a remote SSH connection). Using the latter
may terminate the session to the protector. In
addition, if the IP address is changed, it may be
required to re-establish secure communication with
the Forcepoint DLP server (by re-running the
configuration wizard).

Parameters
ip: the IP address assigned to the interface. This option is valid only for the
management interface. When setting ip, the prefix and bcast options must also be
set.
prefix: network mask of the interface. For example: 24 (will assign 255.255.255.0
mask to the interface)

bcast: broadcast address of the interface. For example: for an interface with the IP
address 192.168.1.1/24, the broadcast address is usually 192.168.1.255.
speed: interface link speed. Available speeds: auto, 10, 100, 1000
duplex: interface link duplex. Available duplex options: auto, half, full
View all fonts in this project
https://w w w .w ebsense.com/content/support/library/deployctr/v85/protector_cli_reference.aspx 8/11
9/12/24, 13:44 Command-line reference

mgmt: sets the interface as the management interface of the protector. The
previously defined management interface can no longer be used for management
purposes.
enable, disable: enables or disables the interface (default is enable)

descr: assigns a short description for the interface. Note that if the description
contains spaces, it must be enclosed within quotation marks ("").

Default
eth0

Example
Forcepoint1# iface eth0 ip 10.100.16.20 prefix 24 bcast 10.100.16.255
mgmt enable

Add or delete routing information

Syntax
route list
route add {destination network | destination ip} {via ip | dev device}
route del {destination network | destination ip} {via ip | dev device}

Description
Adds or deletes route entries in the protector. When adding or deleting routes to
networks, use the x.x.x.x/prefix format. For example: 192.168.1.0/24.

Parameters
list: displays the protector's routing table

add: adds a route to a network or IP address

del: deletes a route to a network or IP address

Example
Forcepoint1# route add 100.20.32.0/24 via 10.16.10.10
Forcepoint1# route add 172.16.1.0/24 dev eth0

Manage users
Syntax
user add {username} profile {profile} pwd {password}
user del {username}
user mod {username} [profile {profile}] [pwd {new password}]
user list

Description View all fonts in this project

https://w w w .w ebsense.com/content/support/library/deployctr/v85/protector_cli_reference.aspx 9/11
9/12/24, 13:44 Command-line reference

Use the "user" command to define additional system access accounts. Each account
has a profile that defines the operations available to users.

The available profiles are:

admin: all commands are allowed

netadmin: only networking related commands are allowed

policyadmin: only the policy command is allowed

The list of commands each profile can run cannot be changed.

Parameters
add: add a user with the given profile and password
del: delete a user
mod: modify a user's profile and/or password

list: display a list of all defined users and their profiles

Example
Forcepoint1# user add Jonny profile netadmin pwd 123qwe

Filtering monitored networks

Use the Forcepoint Management Interface to define which networks are monitored by
the protector.

This CLI command enables advanced filtering of monitored networks.

Note
Forcepoint recommends testing the filter using
tcpdump before setting the filter. This ensures that
the protector recognizes the filter expression.

Syntax
filter [show | set rule | delete]

Parameters
show: displays the current active filters - monitored networks

set: defines a list of monitored networks

delete: deletes previously set filter rules

Example
Forcepoint1# filter set "tcp and host 10.0.0.1"

This command sets the protector to monitor all TCP traffic to/from 10.0.0.1 and ignore
View
all other hosts in the network. If VLAN is used, it should be listed first in the all fonts in this project
filter
https://w w w .w ebsense.com/content/support/library/deployctr/v85/protector_cli_reference.aspx 10/11
9/12/24, 13:44 Command-line reference
("vlan and tcp" instead of "tcp and vlan").

Using the Forcepoint DLP Protector CLI > Command-line

reference

Copyright 2023 Forcepoint. All rights reserved.

View all fonts in this project

https://w w w .w ebsense.com/content/support/library/deployctr/v85/protector_cli_reference.aspx 11/11