From the InCenter CLI, it is possible to start a normal CLI session to a NetShield node so InCenter relays commands to the node. However, this will not affect the InCenter configuration database or InCenter history in any way, and is the equivalent of a direct SSH console session to the firewall. Note that this is a feature that is only available for NetShield nodes and it is not available with NetWall nodes.

In addition, while under the centralized management control of InCenter, the only commands that can be relayed are those which do not modify the node configuration. This is explained further in Chapter 10, Centralized Management Control

For example, to open a direct CLI session to the node my-node1, the InCenter CLI command would be:

admin@InCenter:/> node my-node1 cli
Starting relayed node CLI connection towards node my-node1
at 192.168.98.14 with user admin
Welcome.
Logged in as administrator - admin
System:/>

The System:/> prompt is a standard firewall CLI prompt. Now, all firewall commands can be entered as though there is a direct connection to the node.

To terminate relaying and return to the default InCenter CLI context, the exit command is used:

System:/> exit
Ended relayed node CLI connection towards node my-node1
at 192.168.98.14 with user admin
admin@InCenter:/>

With this relay feature, InCenter is simply relaying CLI commands to the firewall outside of InCenter monitoring. It is equivalent to a direct SSH connection to the firewall. It is intended to be used for troubleshooting purposes only.

Note that the firewall will not allow the changing of its configuration using the relay feature while it is under centralized management control. Changes can only be made directly once the node is removed from centralized control. This is explained further in Chapter 10, Centralized Management Control.