Views:

A list of available CLI commands for managing the Private Access Connector virtual appliance.

To access the CLI, connect to and open the Connector virtual appliance (either directly or through SSH). Log on to the CLI with your account credentials.
To view basic information of the Private Access Connector, such as network settings and service status, run the show command. For example, use show ip route to check the network IP route. For a list of available commands, type show and then press the ? key.
To view a list of tasks you can perform and enable administrative commands, run the enable command. Enabling administrative commands changes the command prompt from > to #.
The following table lists out the administrative commands you can use to manage the Connector virtual appliance.
Command
Syntax
Description
enable
enable
Enters privileged mode to enable administrative commands
clear
clear
Clears the content on the screen
exit
exit
Exits the session
reboot
reboot
Restarts a Private Access Connector immediately
shutdown
shutdown
Shuts down a Private Access Connector immediately
passwd
passwd
Changes the password of running the enable command
register
register <registration_token>
Registers a Private Access Connector to Trend Vision One
Note
Note
This command is not available for Connectors deployed on Microsoft Azure using scale set VM deployment.
unregister
unregister
Unregisters a Private Access Connector from Trend Vision One
unregister force
unregister force
Forcibly unregisters a Private Access Connector from Trend Vision One
register auto
register auto
Registers a Private Access Connector to Trend Vision One when automatic registration fails
Note
Note
This command is available only for Connectors deployed on Microsoft Azure using scale set VM deployment.
ifconfig
ifconfig
Shows information about an interface
ping
ping [-c num_echos] [-i interval] <dest>
Checks the connection to a destination
[num_echos]: Number of echo requests to be sent
[-i interval]: Delay interval in seconds between each packet
<dest>: Destination host name or IP address
traceroute
traceroute <dest>
Tracks route to a destination
<dest>: Destination host name or IP address
resolve
resolve <dest>
Resolves an IP address from a host name or resolve a host name from an IP address
<dest>: Destination host name or IP address
proxytest
proxytest
Tests the connection to the proxy server
show interface
show interface
Displays information about all interfaces in use
show dpid bypass
show dpid bypass
Displays whether the rule enforcement function of a Private Access Connector is disabled
show dns
show dns
Displays the DNS settings of a Private Access Connector
show proxy
show proxy
Displays details of the proxy server connection
show hostname
show hostname
Displays the host name of a Private Access Connector
show uptime
show uptime
Displays the time when a Private Access Connector is up and running, as well as its load information
show version
show version
Displays the version of a Private Access Connector
show ip route
show ip route
Displays the routing table of a router
show register
show register
Displays the registration status of a Private Access Connector
show timezone
show timezone
Displays the time zone of a Private Access Connector
show timezonelist
show timezonelist [country_or_region_or_city]
Displays the available time zones to configure for a Private Access Connector
[country_or_region_or_city]: Keyword to list the available time zones for a specific country, region, or city, for example, Africa, shanghai
show time
show time
Displays system time
show ntp server
show ntp server
Displays the NTP server of a Private Access Connector
show ntp status
show ntp status
Displays the status of NTP
configure interface ip
configure interface <interface> <ip> <mask>
Configures the IP address for your Ethernet interface
<interface>: Name of the interface
<ip>: IP address for the interface
<mask>: Network mask for the interface
configure hostname
configure hostname <hostname>
Configures the host name for a Private Access Connector
<hostname>: Host name or FQDN for the Connector
configure dns primary
configure dns primary <dns>
Configures a DNS server as the primary DNS server
<dns>: IP address of a DNS server
configure dns secondary
configure dns secondary <dns>
Configures a DNS server as the secondary DNS server
<dns>: IP address of a DNS server
configure no dns primary
configure no dns primary
Deletes the primary DNS server
configure no dns secondary
configure no dns secondary
Deletes the secondary DNS server
configure ip route
configure ip route <dest> <via> <dev>
Adds a static route entry for traffic to a destination network
<dest>: Destination network segment, for example, 0.0.0.0/0
<via>: IP address of the default gateway
<dev>: Name of your Ethernet interface
configure no ip route
configure no ip route <dest> <via> <dev>
Deletes the static route entry for traffic to a destination network
<dest>: Destination network segment, for example, 0.0.0.0/0
<via>: IP address of the default gateway
<dev>: Name of your Ethernet interface
configure dpid bypass
configure dpid bypass <on/off>
Disables or enables the rule enforcement function of a Private Access Connector
If <on/off> is set to on, the Connector does not enforce rules to user access requests and allows all access to destinations. The default value is off.
configure ping
configure ping <interface> <on/off>
Allows or blocks ping packages for your Ethernet interface
<interface>: Name of the interface
configure ssh
configure ssh <interface> <on/off>
Allows or blocks ssh traffic for your Ethernet interface
<interface>: Name of the interface
configure proxy
configure proxy <proxy_addr> <proxy_port> [proxy_type]
Configures a proxy server connection
<proxy_addr>: FDQN or IP address of the proxy server
<proxy_port>: Port of the proxy server
[proxy_type]: Parameter that indicates the type of traffic the proxy server accepts. Options include: http, https, all
Note
Note
If no value is specified, [proxy_type] defaults to all
configure no proxy
configure no proxy [proxy_type]
Deletes a proxy server connection
[proxy_type]: Parameter that indicates the type of traffic the proxy server accepts. Options include: http, https, all
Note
Note
If no value is specified, [proxy_type] defaults to all
configure dhcp
configure dhcp <interface>
Configures the DHCP mode for your Ethernet interface
<interface>: Name of the interface
configure timezone
configure timezone <timezone>
Configures the time zone for a Private Access Connector
Options for <timezone> include:
  • <region>/<city>: Sets the time zone in region/city format, for example, Asia/Shanghai
    Note
    Note
    Use show timezonelist to view available time zones.
  • UTC: Sets the time zone to UTC time
configure ntp server
configure ntp server <address>
Configures the NTP server for a Private Access Connector
<address>: FQDN or IP address of the NTP server
curl
curl [-X method] [-k insecure] [-v verbose] [-L location] [--tlsv tlsvX] [--http httpX] [--proxy proxy] <URL>
 Diagnoses your network using the curl command line tool.
log collect
log collect
Collects and uploads logs to Trend Vision One
Note
Note
To collect debug logs, run the log debug on command first.
log scp
log scp <address> <port> <remote_path>
Sends the collected logs to a remote server using SSH
<address>: FDQN or IP address of the remote server
<port>: Port of the remote server
<remote_path>: Path in the remote server to store the logs
log debug
log debug <mode>
Enables or disables debug logging
<mode>: Debug logging mode. Options include:
  • on: Turn on debug logging
    Note
    Note
    By default, The debug logging mode is turned off. To collect debug logs for troubleshooting, run the log debug on command first.
  • off: Turn off debug logging
    Note
    Note
    Trend Micro recommends turning off debug logging when it is no longer needed.
log list
log list
Shows the existing log file
log upload
log upload
Uploads the already collected logs to Trend Vision One
pkt capture
pkt capture [interface] [timeout] [size] [express]
Captures packets on your interface
[interface]: Name of the interface
Note
Note
To capture packets on interfaces eth0 and tun0 in one command, set <interface> to default.
[timeout]: Time in seconds to stop the packet capturing process
[size]: Maximum size in megabytes (MB) of the packet file to stop the packet capturing process
[expression]: Filter expression to match the packets to be captured, for example, "dst 1.1.1.1 and tcp port 22", "port not 22"
pkt stop
pkt stop [interface]
Stops the packet capturing process on your interface
[interface]: Name of the interface
Note
Note
If no value is specified, [interface] defaults to all
pkt upload
pkt upload
Uploads the existing packet files to Trend Vision One
pkt scp
pkt scp <address> <port> <remote_path>
Sends the packet files to a remote server using SSH
<address>: FDQN or IP address of the remote server
<port>: Port of the remote server
<remote_path>: Path in the remote server to store the files
pkt list
pkt list
Shows the existing packet files
pkt ps
pkt ps
Shows the on-going packet capturing processes
pkt del
pkt del
Deletes the existing packet files
connectiontest
connectiontest [region]
Tests the connectivity to the services used by Private Access
[region]: Trend Vision One data center region to which a Private Access Connector is registered. Values include:
  • anz: Australia
  • eu: Europe
  • in: India
  • jp: Japan
  • sg: Singapore
  • us: United States
  • [auto]: The registered region of the Private Access Connector