15 Appendix

15.1 CGI interface

The additional HTTPS interfaces nph-vpn.cgi, nph-diag.cgi, nph-status.cgi and nph-action.cgi are implemented as CGI (Common Gateway Interface) scripts.

For more information on using the CGI interfaces, see mGuard Application Notes (UM EN MGUARD APPNOTES), available at phoenixcontact.net/products or help.mguard.com.

When executing the CGI scripts nph-vpn.cgi, nph-diag.cgi, nph-status.cgi and nph-action.cgi, only the following characters may be used in user names, passwords, and other user-defined names (for example, the name of a VPN connection):

Letters: A - Z, a - z

Digits: 0 - 9

Special characters: - . _ ~

If other special characters, such as "space" or the "question mark", are used, they must be encoded accordingly (URL encoding).

Using the command line tool wget is not supported. Instead, you can use the command line tool curl (parameters and options differ!).

Examples:

curl --insecure "https://admin:mGuard@192.168.1.1/nph-vpn.cgi?name=Athen&cmd=up"

curl --insecure "https://admin:mGuard@192.168.1.1/nph-action.cgi?action=tools%2Ftcpdump-start&interface=eth1"

The curl option --insecure disables verification of the HTTPS certificate presented by the mGuard.

Table 15-1 Encoding of special characters (URL encoding)

Character   (Space)  !    "    #    $    %    &    '    (    )    *    +
Encoding    %20      %21  %22  %23  %24  %25  %26  %27  %28  %29  %2A  %2B

Character   ,    /    :    ;    =    ?    @    [    \    ]    {    |    }
Encoding    %2C  %2F  %3A  %3B  %3D  %3F  %40  %5B  %5C  %5D  %7B  %7C  %7D
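
The character rule and Table 15-1 above, worked through as a shell example that is added here and is not part of the mGuard documentation: urlencode passes the permitted characters through and percent-encodes every other byte, and mguard_vpn_url builds the nph-vpn.cgi request from the encoded values. The function names, the MGUARD_CA and MGUARD_NETRC variables, and the use of curl's --cacert and --netrc-file in place of --insecure and credentials in the URL are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the mGuard manual): percent-encode user-defined
# values before placing them in a CGI query string.

# urlencode VALUE
# Passes A-Z a-z 0-9 - . _ ~ through unchanged and percent-encodes every
# other byte, which reproduces the encodings listed in Table 15-1.
urlencode() (
    LC_ALL=C                      # byte-wise matching, ASCII-only ranges
    s=$1
    out=
    while [ -n "$s" ]; do
        rest=${s#?}               # everything after the first byte
        c=${s%"$rest"}            # the first byte itself
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# mguard_vpn_url HOST CONNECTION_NAME CMD
# Builds the nph-vpn.cgi URL with encoded values and no credentials in it.
mguard_vpn_url() {
    printf 'https://%s/nph-vpn.cgi?name=%s&cmd=%s' \
        "$1" "$(urlencode "$2")" "$(urlencode "$3")"
}

# mguard_vpn HOST CONNECTION_NAME CMD
# Assumptions: MGUARD_CA names a PEM file that validates the device
# certificate, and MGUARD_NETRC is a netrc file holding the login, so the
# password appears neither in the URL nor in the process list.
mguard_vpn() {
    curl --silent --show-error --fail \
         --cacert "$MGUARD_CA" --netrc-file "$MGUARD_NETRC" \
         "$(mguard_vpn_url "$1" "$2" "$3")"
}
```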

15.2 Command line tool "mg"

The following commands can be executed on the command line of the mGuard by the users root and admin.

Table 15-2 Command line tool "mg"

| Command | Parameter | Description |
|---|---|---|
| mg update | patches | An automatic online update will be started. The required package set will be determined automatically by the mGuard (see "Automatic Update" on page 90). Patch releases resolve errors in previous versions and have a version number which only changes in the third digit position. |
| | minor, major | Minor and major releases supplement the mGuard with new properties or contain changes that affect the behavior of the mGuard. Their version number changes in the first or second digit position. |
| mg status | /network/dns-servers | Used DNS server. Names of the DNS servers used by the mGuard for name resolution. |
| | /network/if-state/ext1/gw | Current default route. The IP address that the mGuard uses to try to reach unknown networks. |
| | /network/if-state/ext1/ip | External IP address. The addresses via which the mGuard can be accessed by devices from the external network. In Stealth mode, the mGuard adopts the address of the locally connected computer as its external IP. |
| | /network/if-state/ext1/netmask | Net mask of the external IP address. |

15.3 LED status indicator and blinking behavior

15.3.1 Representation of system states

Table 15-3 shows the system states (status, alarm, or error messages) indicated by the lighting and blinking behavior of the LEDs.

Table 15-3 System states represented by lighting and blinking behavior of the LEDs

| Group | PF1 (green) | PF2 (green) | PF3 (green) | PF4 (green) | PF5 (ERR) (red) | FAIL (FAULT) (red) | Description of the system state |
|---|---|---|---|---|---|---|---|
| Operational | Heartbeat | | | | | | The system status is OK. The PF1 LED is blinking in the rhythm "heartbeat". |
| System start | Heartbeat | | | | ON (~20 sec) | ON (~20 sec) | The system is booting. All LEDs of the Ethernet ports (LNK/ACT and SPD) briefly light up red/green. All PF LEDs (PF1-5) briefly light up orange. The PF1 LED is blinking in the rhythm "heartbeat". |
| | Heartbeat | | | | Blink 500/500 | ON | The device failed to start after an integrity check of the file system. The file system is damaged or has been manipulated. |
| | Heartbeat | ON (orange) (3 sec) | | | | | ECS: The configuration was successfully loaded and applied from the ECS. |
| Update | | | | | Blink 500/500 | | Bootloader replacement failed due to hardware error. |
| | | | | | Blink 500/500 | | Another severe error has happened. |
| Operation Supervision / Alarm output | Heartbeat | | | | | ON | No connectivity on WAN interface (link supervision configurable on device) |
| | Heartbeat | | | | | ON | No connectivity on LAN interface (link supervision configurable on device) |
| | Heartbeat | | | | | ON | Power supply 1 or 2 failed (alarm configurable on device) |
| | Heartbeat | | | | | ON | Temperature too high / low (alarm configurable on device) |
| | Heartbeat | | | | | ON | (Redundancy) Connectivity check failed (alarm configurable on device) |
| | Heartbeat | | | | | ON | Administrator passwords not configured (alarm configurable on device) |
| Controllable VPN connections/firewall rule records (via service contacts) | Heartbeat | | Blink | | | | Service contact O1: The VPN connection switched via service contact O1 will be established. |
| | Heartbeat | | ON | | | | Service contact O1: The VPN connection switched via service contact O1 was successfully established. OR Service contact O1: The firewall rule record switched via service contact O1 was successfully activated. |
| | Heartbeat | | | Blink | | | Service contact O2: The VPN connection switched via service contact O2 will be established. |
| | Heartbeat | | | ON | | | Service contact O2: The VPN connection switched via service contact O2 was successfully established. OR Service contact O2: The firewall rule record switched via the service contact O2 was successfully activated. |
| External Configuration Storage (ECS) | Heartbeat | ON (orange) (3 sec) | | | | | ECS: The configuration was successfully loaded and applied from the ECS. |
| | Heartbeat | | | | ON (3 sec) | | ECS: The ECS is incompatible. |
| | Heartbeat | | | | ON (3 sec) | | ECS: The capacity of the ECS is exhausted. |
| | Heartbeat | | | | ON (3 sec) | | ECS: The root password from the ECS does not match. |
| | Heartbeat | | | | ON (3 sec) | | ECS: Failed to load the configuration from the ECS. |
| | Heartbeat | | | | ON (3 sec) | | ECS: Failed to save the configuration to the ECS. |
| Recovery procedure | Heartbeat | | | | ON (2 sec) | | RECOVERY: The recovery procedure failed. |
| | ON (2 sec) | | | | | | RECOVERY: The recovery procedure succeeded. |
| Flash procedure | ON | | | | | ON | FLASH PROCEDURE: The flash procedure has been started. Please wait. |
| | Running light | Running light | Running light | | | ON | FLASH PROCEDURE: The flash procedure is currently executed. |
| | Blink 50/800 | Blink 50/800 | Blink 50/800 | | | ON | FLASH PROCEDURE: The flash procedure succeeded. |
| | | | | | ON | | FLASH PROCEDURE: The flash procedure failed. |
| | | | | | Blink 50/100 (5 sec) | | FLASH PROCEDURE WARNING: Replacing the rescue system. Do not power off. When the blinking stops, the replacement of the rescue system is over. |
| | | | | | ON | | FLASH PROCEDURE: The DHCP/BOOTP requests failed. |
| | | | | | ON | | FLASH PROCEDURE: Mounting the data storage device failed. |
| | | | | | ON | | FLASH PROCEDURE: Erasing the file system partition failed. |
| | | | | | ON | | FLASH PROCEDURE: Failed to load the firmware image. |
| | | | | | ON | | FLASH PROCEDURE: The signature of the firmware image is not valid. |
| | | | | | ON | | FLASH PROCEDURE: Failed to load the install script. |
| | | | | | ON | | FLASH PROCEDURE: The signature of the install script is not valid. |
| | | | | | ON | | FLASH PROCEDURE: The rollout script failed. |