CLI Client
Last updated
Was this helpful?
Last updated
Was this helpful?
Latest release page:
Deb:
RPM:
Binary:
Deb:
RPM:
Binary:
Root access on a given machine
Defguard proxy running and accessible from the machine the CLI will be installed on
resolvconf
and ip
commands available
Installation is straightforward. As a root, install it as any other package of a given type (deb/rpm).
After installing the CLI, you should gain access to the dg
command and a new dg
service should've been created. You can interact with the client using the dg
command alone or use the service to run it in background. You can test if the installation succeeded by trying to print the command's help:
After you've configured your network device on Defguard core, you will be presented with the following command:
Execute the command obtained in the previous step to configure defguard CLI on the machine of your choice. The enrollment command will pull all the information required to establish a connection from your Defguard instance (through the Defguard proxy, so make sure it can be accessed) and will save it in a configuration file. Run the enroll
command only when you need to retrieve your network configuration and apply it to the CLI Client. If you have access to the enterprise features, the CLI should automatically handle this when running.
After completing the enrollment, you can connect to the given network by running the following command as root:
After executing the command you should see a message stating that you have been connected to your network of choice.
If you have access to the enterprise features, CLI will periodically fetch the latest network config and apply it if it has changed. This is useful because when you edit your network configuration in Defguard core, you won't have to manually re-configure every network device.
You can configure the service and set the log verbosity by editing /etc/defguard/dg.conf
.
It may be easier to identify a problem by passing one of the following flags, which control the logging verbosity level:
Those flags can be passed to any command to display more detailed information about the given process.
This shouldn't affect anything and can be ignored in most cases.
Defguard CLI works only with , so to use it, you will need to first add a new network device. Refer to the network device documentation to learn more.
Copy the command and proceed with .
After installing the CLI, a systemd service will be automatically setup. The service won't be running at first as the manual is needed beforehand. After you've completed the enrollment, you can start the service, e.g. by doing: