Private Access Connector CLI Commands

A list of available CLI commands for managing the Private Access Connector virtual appliance.

To access the CLI, connect to and open the Connector virtual appliance (either directly or through SSH). Log on to the CLI with your account credentials.

To view basic information of the Private Access Connector, such as network settings and service status, run the show command. For example, use show ip route to check the network IP route. For a list of available commands, type show and then press the ? key.

To view a list of tasks you can perform and enable administrative commands, run the enable command. Enabling administrative commands changes the command prompt from > to #.

The following table lists out the administrative commands you can use to manage the Connector virtual appliance.

Command

Syntax

Description

enable

enable

Enters privileged mode to enable administrative commands

clear

clear

Clears the content on the screen

exit

exit

Exits the session

reboot

reboot

Restarts a Private Access Connector immediately

shutdown

shutdown

Shuts down a Private Access Connector immediately

passwd

passwd

Changes the password of running the enable command

register

register <registration_token>

Registers a Private Access Connector to Trend Micro Vision One

Note:

This command is not available for Connectors deployed on Microsoft Azure using scale set VM deployment.

unregister

unregister

Unregisters a Private Access Connector from Trend Micro Vision One

unregister force

unregister force

Forcibly unregisters a Private Access Connector from Trend Micro Vision One

register auto

register auto

Registers a Private Access Connector to Trend Micro Vision One when automatic registration fails

Note:

This command is available only for Connectors deployed on Microsoft Azure using scale set VM deployment.

ifconfig

ifconfig

Shows information about an interface

ping

ping [-c num_echos] [-i interval] <dest>

Checks the connection to a destination

[num_echos]: Number of echo requests to be sent

[-i interval]: Delay interval in seconds between each packet

<dest>: Destination host name or IP address

traceroute

traceroute <dest>

Tracks route to a destination

<dest>: Destination host name or IP address

resolve

resolve <dest>

Resolves an IP address from a host name or resolve a host name from an IP address

<dest>: Destination host name or IP address

proxytest

proxytest

Tests the connection to the proxy server

show interface

show interface

Displays information about all interfaces in use

show dpid bypass

show dpid bypass

Displays whether the rule enforcement function of a Private Access Connector is disabled

show dns

show dns

Displays the DNS settings of a Private Access Connector

show proxy

show proxy

Displays details of the proxy server connection

show hostname

show hostname

Displays the host name of a Private Access Connector

show uptime

show uptime

Displays the time when a Private Access Connector is up and running, as well as its load information

show version

show version

Displays the version of a Private Access Connector

show ip route

show ip route

Displays the routing table of a router

show register

show register

Displays the registration status of a Private Access Connector

show timezone

show timezone

Displays the time zone of a Private Access Connector

show time

show time

Displays system time

show ntp server

show ntp server

Displays the NTP server of a Private Access Connector

show ntp status

show ntp status

Displays the status of NTP

configure interface ip

configure interface <interface> <ip> <mask>

Configures the IP address for your Ethernet interface

<interface>: Name of the interface

<ip>: IP address for the interface

<mask>: Network mask for the interface

configure hostname

configure hostname <hostname>

Configures the host name for a Private Access Connector

<hostname>: Host name or FQDN for the Connector

configure dns primary

configure dns primary <dns>

Configures a DNS server as the primary DNS server

<dns>: IP address of a DNS server

configure dns secondary

configure dns secondary <dns>

Configures a DNS server as the secondary DNS server

<dns>: IP address of a DNS server

configure no dns primary

configure no dns primary

Deletes the primary DNS server

configure no dns secondary

configure no dns secondary

Deletes the secondary DNS server

configure ip route

configure ip route <dest> <via> <dev>

Adds a static route entry for traffic to a destination network

<dest>: Destination network segment, for example, 0.0.0.0/0

<via>: IP address of the default gateway

<dev>: Name of your Ethernet interface

configure no ip route

configure no ip route <dest> <via> <dev>

Deletes the static route entry for traffic to a destination network

<dest>: Destination network segment, for example, 0.0.0.0/0

<via>: IP address of the default gateway

<dev>: Name of your Ethernet interface

configure dpid bypass

configure dpid bypass <on/off>

Disables or enables the rule enforcement function of a Private Access Connector

If <on/off> is set to on, the Connector does not enforce rules to user access requests and allows all access to destinations. The default value is off.

configure ping

configure ping <interface> <on/off>

Allows or blocks ping packages for your Ethernet interface

<interface>: Name of the interface

configure ssh

configure ssh <interface> <on/off>

Allows or blocks ssh traffic for your Ethernet interface

<interface>: Name of the interface

configure proxy

configure proxy <proxy_addr> <proxy_port> [proxy_type]

Configures a proxy server connection

<proxy_addr>: FDQN or IP address of the proxy server

<proxy_port>: Port of the proxy server

[proxy_type]: Parameter that indicates the type of traffic the proxy server accepts. Options include: http, https, all

Note:

If no value is specified, [proxy_type] defaults to all

configure no proxy

configure no proxy [proxy_type]

Deletes a proxy server connection

[proxy_type]: Parameter that indicates the type of traffic the proxy server accepts. Options include: http, https, all

Note:

If no value is specified, [proxy_type] defaults to all

configure dhcp

configure dhcp <interface>

Configures the DHCP mode for your Ethernet interface

<interface>: Name of the interface

configure timezone

configure timezone <timezone>

Configures the time zone for a Private Access Connector

Options for <timezone> include:

  • <region>/<city>: Sets the time zone in region/city format, for example, Asia/Shanghai

  • UTC: Sets the time zone to UTC time

configure ntp server

configure ntp server <address>

Configures the NTP server for a Private Access Connector

<address>: FQDN or IP address of the NTP server

log collect

log collect

Collects and uploads logs to Trend Micro Vision One

Note:

To collect debug logs, run the log debug on command first.

log scp

log scp <address> <port> <username> <password> <remote_path>

Sends the collected logs to a remote server using SSH

<address>: FDQN or IP address of the remote server

<port>: Port of the remote server

<username>/<password>: Credentials used to log on to the remote server

<remote_path>: Path in the remote server to store the logs

log debug

log debug <mode>

Enables or disables debug logging

<mode>: Debug logging mode. Options include:
  • on: Turn on debug logging
    Note:

    By default, The debug logging mode is turned off. To collect debug logs for troubleshooting, run the log debug on command first.

  • off: Turn off debug logging
    Note:

    Trend Micro recommends turning off debug logging when it is no longer needed.

log list

log list

Shows the existing log file

log upload

log upload

Uploads the already collected logs to Trend Micro Vision One

pkt capture

pkt capture [interface] [timeout] [size] [express]

Captures packets on your interface

[interface]: Name of the interface

Note:

To capture packets on interfaces eth0 and tun0 in one command, set <interface> to default.

[timeout]: Time in seconds to stop the packet capturing process

[size]: Maximum size in megabytes (MB) of the packet file to stop the packet capturing process

[expression]: Filter expression to match the packets to be captured, for example, "dst 1.1.1.1 and tcp port 22", "port not 22"

pkt stop

pkt stop [interface]

Stops the packet capturing process on your interface

[interface]: Name of the interface

Note:

If no value is specified, [interface] defaults to all

pkt upload

pkt upload

Uploads the existing packet files to Trend Micro Vision One

pkt scp

pkt scp <address> <port> <username> <password> <remote_path>

Sends the packet files to a remote server using SSH

<address>: FDQN or IP address of the remote server

<port>: Port of the remote server

<username>/<password>: Credentials used to log on to the remote server

<remote_path>: Path in the remote server to store the files

pkt list

pkt list

Shows the existing packet files

pkt ps

pkt ps

Shows the on-going packet capturing processes

pkt del

pkt del

Deletes the existing packet files