AnsweredHot!Reference check in cli - Is it possible?

Author
kallbrandt
Silver Member
  • Total Posts : 95
  • Scores: 18
  • Reward points: 0
  • Joined: 2016/05/21 11:21:05
  • Status: offline
2016/08/01 13:17:06 (permalink)
0

Reference check in cli - Is it possible?

Is there an easy (preferrably, but anything goes..) way to cross-check any references to other items in the cli?
I just realised I don't know any way to do this...
Is it even possible?
Grep doesn' count...
:-)

Richie
NSE7
#1
emnoc
Expert Member
  • Total Posts : 5366
  • Scores: 351
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: Reference check in cli - Is it possible? 2016/08/01 13:31:54 (permalink) ☼ Best Answerby kallbrandt 2016/08/01 13:57:11
0
yes
 
diag system checkused is a good thing to know.
 
http://socpuppet.blogspot.com/2014/10/a-few-examples-of-how-to-do-dependency.html
 
This is basically what the webGUI does. You ca check most object via he cli 
 
examples
 
diag sys checkused firewall.adress.name <the exact name >
diag sys checkused firewall.addrgrp.name <the exact name>
diag sys checkused firewall.service.group.name  msql
diag sys checkused firewall.vip.name < the exactname>
diag sys checkused firewall.service.custom.name < theexact name>
diag sys  checkused firewall.policy.id 
diag sys checkusd system.interface.name <interface exact name >
 
 
 

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#2
kallbrandt
Silver Member
  • Total Posts : 95
  • Scores: 18
  • Reward points: 0
  • Joined: 2016/05/21 11:21:05
  • Status: offline
Re: Reference check in cli - Is it possible? 2016/08/01 13:57:32 (permalink)
0
Cool, thanks!

Richie
NSE7
#3
emnoc
Expert Member
  • Total Posts : 5366
  • Scores: 351
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: offline
Re: Reference check in cli - Is it possible? 2016/08/01 13:58:21 (permalink)
0

 
A few more cool ones;
 
 
( vpn users and ldap )
 
 
diag sys checkused  user.local.name theusernamehere
diag sys checkused user.ldap.name usernamehere
 
( interface in a vdom )
 
diag sys checkused  system.vdom.name  <vdomname>

 
( vpn interface )
 
dia sys checkused  vpn.ipsec.phase1-interface.name interfacename

 

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#4
poundy
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/06/13 20:58:45
  • Status: offline
Re: Reference check in cli - Is it possible? 2019/11/06 20:20:56 (permalink)
0
Sorry for 2-year-old thread resurrection, but is there a version dependency here?  FG100E, running v6.0.4 build0231 (GA), and diag sys doesn't have a "checkused" ?
#5
poundy
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/06/13 20:58:45
  • Status: offline
Re: Reference check in cli - Is it possible? 2019/11/06 21:33:41 (permalink)
0
sussed it out...
diagnose sys cmdb refcnt show firewall.vip.name
(for example)
 
#6
Jump to:
© 2019 APG vNext Commercial Version 5.5