15 Appendix

15.1 CGI interface

The additional HTTPS interfaces nph-vpn.cgi, nph-diag.cgi, nph-status.cgi and nph-action.cgi are implemented as CGI (Common Gateway Interface) scripts.

For more information on using the CGI interfaces, see mGuard Application Notes (UM EN MGUARD APPNOTES), available at phoenixcontact.net/products or help.mguard.com.

When executing the CGI scripts nph-vpn.cgi, nph-diag.cgi, nph-status.cgi and nph-action.cgi, only the following characters may be used in user names, passwords, and other user-defined names (for example, the name of a VPN connection):

Letters: A - Z, a - z

Digits: 0 - 9

Special characters: - . _ ~

If other special characters, such as "space" or the "question mark", are used, they must be encoded accordingly (URL encoding).

Using the command line tool wget is not supported. Instead, you can use the command line tool curl (parameters and options differ!).

Example:

curl --insecure "https://admin:mGuard@192.168.1.1/nph-vpn.cgi?name=Athen&cmd=up"

The --insecure option tells curl to skip verification of the mGuard's HTTPS certificate: the connection is still encrypted, but the identity of the device is not checked.

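Table 15-1: Encoding of special characters (URL encoding)

| Character | (Space) | ! | " | # | $ | % | & | ' | ( | ) | * | + |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Encoding | %20 | %21 | %22 | %23 | %24 | %25 | %26 | %27 | %28 | %29 | %2A | %2B |

| Character | , | / | : | ; | = | ? | @ | [ | \ | ] | { | \| | } |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Encoding | %2C | %2F | %3A | %3B | %3D | %3F | %40 | %5B | %5C | %5D | %7B | %7C | %7D |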
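The encoding rule above, as an added example that is not part of the original manual: a POSIX shell helper that percent-encodes every character outside A-Z, a-z, 0-9 and - . _ ~ and builds the nph-vpn.cgi URL in the form of the curl example. The function names, the sample password and the sample connection name are constructed for illustration.

```shell
#!/bin/sh
# Added example: percent-encode values for the mGuard CGI scripts.
# Function names and sample values are constructed (not from the manual).

# Encode every character except A-Z a-z 0-9 - . _ ~ as %XX (ASCII input assumed).
# The body runs in a subshell "( )" so its variables and LC_ALL do not leak.
urlencode() (
    LC_ALL=C    # [A-Za-z] must match ASCII letters only, whatever the locale
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}          # everything after the first character
        c=${s%"$rest"}       # the first character itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;   # "'c" yields the character code
        esac
        s=$rest
    done
    printf '%s\n' "$out"
)

# Build the URL: $1 user, $2 password, $3 host, $4 connection name, $5 cmd.
# User, password and name are encoded; host and cmd are passed through.
mguard_vpn_url() {
    printf 'https://%s:%s@%s/nph-vpn.cgi?name=%s&cmd=%s\n' \
        "$(urlencode "$1")" "$(urlencode "$2")" "$3" "$(urlencode "$4")" "$5"
}

# Issue the request the same way as the manual's curl example (not called here).
mguard_vpn() {
    curl --insecure "$(mguard_vpn_url "$@")"
}

# Constructed sample: password and connection name contain characters
# that must be encoded (?, space, #, /).
mguard_vpn_url admin 'mG?uard #1' 192.168.1.1 'Athen West/2' up
```

With this URL form the encoded password is visible in the process list and shell history of the calling host while curl runs.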

15.2 Command line tool "mg"

The following commands can be executed on the command line of the mGuard by the users root and admin.

Table 15-2: Command line tool "mg"

| Command | Parameter | Description |
|---|---|---|
| mg update | patches | An automatic online update will be started. The required package set will be determined automatically by the mGuard (see "Automatic Update" on page 79). Patch releases resolve errors in previous versions and have a version number which only changes in the third digit position. |
| | minor or major | Minor and major releases supplement the mGuard with new properties or contain changes that affect the behavior of the mGuard. Their version number changes in the first or second digit position. |
| mg status | /network/dns-servers | Used DNS server: Names of the DNS servers used by the mGuard for name resolution. |
| | /network/if-state/ext1/gw | Current default route: The IP address that the mGuard uses to try to reach unknown networks. |
| | /network/if-state/ext1/ip | External IP address: The addresses via which the mGuard can be accessed by devices from the external network. In Stealth mode, the mGuard adopts the address of the locally connected computer as its external IP. |
| | /network/if-state/ext1/netmask | Net mask of the external IP address. |

15.3 LED status indicator and blinking behavior

15.3.1 Representation of system states

The system states (status, alarm or error messages) that are indicated by the lighting and blinking behavior of the LEDs are shown in Table 15-3.

Table 15-3: System states represented by lighting and blinking behavior of the LEDs

| PF1 (green) | PF2 (green) | PF3 (green) | PF4 (green) | PF5 (ERR) (red) | FAIL (FAULT) (red) | Description of the system state |
|---|---|---|---|---|---|---|
| Heartbeat | | | | | | The system status is OK. The PF1 LED is blinking in the rhythm "heartbeat". |
| | | | | ON | | A severe error has happened. |
| Heartbeat | | | | ON (3 sec) | ON (5 sec) | The system is booting. The PF1 LED is blinking in the rhythm "heartbeat". All PF LEDs (PF1–5) are "ON" for a few seconds. |
| | | | | Blink 500/500 | | Bootloader replacement failed due to hardware error. |
| Heartbeat | | | | | ON | No connectivity on WAN interface (link supervision configurable on device) |
| Heartbeat | | | | | ON | No connectivity on LAN interface (link supervision configurable on device) |
| Heartbeat | | | | | ON | Power supply 1 or 2 failed (alarm configurable on device) |
| Heartbeat | | | | | ON | Temperature too high / low (alarm configurable on device) |
| Heartbeat | | | | | ON | (Redundancy) Connectivity check failed (alarm configurable on device) |
| Heartbeat | | | | | ON | Administrator passwords not configured (alarm configurable on device) |
| Heartbeat | | Blink | | | | Service contact O1: The VPN connection switched via service contact O1 will be established. |
| Heartbeat | | ON | | | | Service contact O1: The VPN connection switched via service contact O1 was successfully established. OR Service contact O1: The firewall rule set switched via service contact O1 was successfully activated. |
| Heartbeat | | | Blink | | | Service contact O2: The VPN connection switched via service contact O2 will be established. |
| Heartbeat | | | ON | | | Service contact O2: The VPN connection switched via service contact O2 was successfully established. OR Service contact O2: The firewall rule set switched via the service contact O2 was successfully activated. |
| Heartbeat | | | | ON (3 sec) | | ECS: The ECS is incompatible. |
| Heartbeat | | | | ON (3 sec) | | ECS: The capacity of the ECS is exhausted. |
| Heartbeat | | | | ON (3 sec) | | ECS: The root password from the ECS does not match. |
| Heartbeat | | | | ON (3 sec) | | ECS: Failed to load the configuration from the ECS. |
| Heartbeat | | | | ON (3 sec) | | ECS: Failed to save the configuration to the ECS. |
| Heartbeat | | | | ON (2 sec) | | RECOVERY: The recovery procedure failed. |
| ON (2 sec) | | | | | | RECOVERY: The recovery procedure succeeded. |
| ON | | | | | ON | FLASH PROCEDURE: The flash procedure has been started. Please wait. |
| Running light | Running light | Running light | | | ON | FLASH PROCEDURE: The flash procedure is currently executed. |
| Blink 50/800 | Blink 50/800 | Blink 50/800 | | | ON | FLASH PROCEDURE: The flash procedure succeeded. |
| ON | | | | ON | | FLASH PROCEDURE: The flash/production procedure failed. |
| | | | | Blink 50/100 (5 sec) | | FLASH PROCEDURE WARNING: Replacing the rescue system. Do not power off. When the blinking stops, the replacement of the rescue system is over. |
| | | | | ON | | FLASH PROCEDURE: The DHCP/BOOTP requests failed. |
| | | | | ON | | FLASH PROCEDURE: Mounting the data storage device failed. |
| | | | | ON | | FLASH PROCEDURE: The flash procedure failed. |
| | | | | ON | | FLASH PROCEDURE: Erasing the file system partition failed. |
| | | | | ON | | FLASH PROCEDURE: Failed to load the firmware image. |
| | | | | ON | | FLASH PROCEDURE: The signature of the firmware image is not valid. |
| | | | | ON | | FLASH PROCEDURE: Failed to load the install script. |
| | | | | ON | | FLASH PROCEDURE: The signature of the install script is not valid. |
| | | | | ON | | FLASH PROCEDURE: The rollout script failed. |