Last adaptation to the version: 14.1.0 (08.2025)
- Copy in CLI of the web interface via context menu (right-click)
- The history of the CLI via SSH is now persistent
Introduction
The Command Line Interface, or CLI for short, is the actual interface used to configure the Securepoint UTM. All graphical administration tools such as the Web Interface, Security Operation Center or Security Manager convert all your settings into commands that can be executed on the CLI. There are of course differences in the structure and scope of the commands between the individual versions.
This article is intended to give an overview of the possible commands and to show in some examples how to work with the CLI.
CLI on the interface
The CLI in the web interface can be found under .
At the top right is a drop-down button with which you can change the orientation of the CLI window to top, bottom, right, left or full screen.
At the same time, the height or width of the window is set to 50% by default for each of these settings. However, this can also be adjusted individually using the mouse at the edge of the window.
- notemptyYou can copy directly from the terminal using the context menu (right-click to open).New as of v14.1.0:
There are the options- Copy request
- Copy request and answer and
- Copy everything.
CLI via SSH
The CLI via SSH is called up by first establishing an SSH connection for the root or admin user.
Example: ssh admin@<IP address>
Use the up arrow key ↑ to move backwards in the history and the down arrow key ↓ to move forwards.
Please note: When logging in as admin, the CLI opens directly, whereas root users have to start it explicitly by entering spcli.
Commands
The commands on the CLI can be divided into different levels. In v11, these levels have been divided into thematic points. For example, all commands relevant for interface configurations are located below "interface", such as the command "interface address get" (displays all existing IP addresses). Below is a list of all the commands on the first level.
As of version 11.6, when passing multiple parameters, note that they are enclosed in square brackets and separated by a space.
Example:
user group new name gruppenname permission [ perm1 perm2 ...]
| Command | Description |
|---|---|
| alertingcenter | Alerting Center Management |
| appmgmt | Management of the applications (start/stop) |
| captiveportal | Captive Portal Settings |
| cert | Certificate management |
| clear | Deletes the current content of the terminal |
| cli | Settings for the output behavior of the CLI |
| clientlessvpn | Settings for the ClientlessVPN |
| cluster | Settings via the cluster |
| debug | Debug routines |
| dhcp | Settings for the DHCP server |
| dns | Settings for the DNS server |
| exit | Ends the current CLI session |
| extc | Management of variables, as well as templates for applications |
| geolocation | List of geolocation |
| help | List of all commands |
| interface | Settings regarding the interfaces |
| ipsec | Settings for IPSec connections |
| logout | User is logged out after the CLI session ends |
| Mail filter/mail archive settings | |
| manager | Administration release |
| node | Configuration of network objects and groups |
| object | List of all objects |
| openvpn | Configuration of OpenVPN connections |
| pkey | Public key settings |
| qos | Settings for QoS profiles |
| quit | Ends the current CLI session |
| route | Network route management |
| rproxy | Reverse-Proxy configuration |
| rsa | RSA key management |
| rule | Management of the port filter (set of rules) |
| server | Management of the backend servers for the reverse proxy |
| service | Management of the services (ruleset) |
| spf2bd | Management of the FailToBan service |
| ssh | Create and manage the SSH keys for the cluster |
| syslog | Management of the syslog server, as well as output of the livelog |
| system | System-specific configuration items |
| usc_vhost | Management of the Unified Security Console (USC) |
| user | User management |
| view | Various display information |
| webfilter | Web filter configuration |
| wireguard | WireGuard configuration |
| wlan | Management of WLAN functionality |