The commands to connect to an HTTP(S) or TFTP server can be modified by specifying additional parameters. Not all parameters are available for all protocols. If certain default values can be configured from the Setup menu, the device uses these values as long as you do not explicitly overwrite the values with the associated parameters. For example, this applies for the parameters of the version check.
Parameters for the connection
The following parameters allow you to change the way the device connects to the server.
- -a <Address>
- Available for protocol: HTTP, HTTPS, TFTP
- Available for command: all
- Use this parameter to specify an optional loopback address. By entering an optional loopback address you change the source address and route used by the device to connect to the server. This can be useful, for example, when the server is available over different paths and it should use a specific path for its reply message. Possible values are:
-
- Name of the IP network whose address should be inserted
- INT for the address of the first Intranet
- DMZ for the address of the first DMZ
- LB0 to LBF for the 16 loopback addresses
- Any valid IP address
- By default, the server sends its replies back to the IP address of your device without you having to enter it here.
- -f <Directory>/<File>
- Available for protocol: TFTP
- Available for command: all
- Use this parameter to specify the path and name of the file on the server. Using this parameter in combination with -s means that no URL has to be specified.
- -s <Host>
- Available for protocol: TFTP
- Available for command: all
- Use this parameter to specify the DNS name or IP address of the server. Using this parameter in combination with -f means that no URL has to be specified.
Parameters for the version check
In the default settings, the conditions for firmware, configuration and script in the Setup menu (under ) are set to unconditionally. As a result, the commands LoadFirmware, LoadConfig, or LoadScript load or start the corresponding firmware, configuration, or script file without carrying out a version check. However, by specifying the appropriate parameter, you can override this setting when uploading any particular file.- -Cd
- Available for protocol: HTTP, HTTPS, TFTP
- Available for command: LoadFirmware, LoadConfig, LoadScript
- This parameter checks if the file is different to the firmware or configuration on the device, or newer than the last executed script. When the LoadScript command is used, this parameter updates the checksum stored in the device for the most recently executed script.
- -Cn
- Available for protocol: HTTP, HTTPS, TFTP
- Available for command: LoadFirmware
- This parameter checks if the file is newer than the firmware on the device.
- -m
- Available for protocol: HTTP, HTTPS, TFTP
- Available for command: LoadFirmware
- This value defines the minimum version of the firmware. The firmware referenced by the command must be at least of this version in order for the command to execute.
- -u
- Available for protocol: HTTP, HTTPS, TFTP
- Available for command: LoadFirmware, LoadConfig, LoadScript
- This parameter disables the version checking. The file referenced by the command is uploaded and executed unconditionally. When the LoadScript command is used, this parameter does not change the checksum stored in the device for the most recently executed script.
-
Important: The parameter -u always has priority over other parameters entered in a command.
Parameters for the certificate check
When transferring files from an HTTPS server to a client device, the network components check the identity of the remote site by using certificates. For the automatic loading from HTTPS servers, additional parameters are available for downloading and subsequently checking the certificates. You download the certificate in question to the device as SSL – root CA certificate (*.pem, *.crt *.cer [BASE64]), for example using the file management features of LANconfig or WEBconfig.
- -c <MainDir>/<File>
- Available for protocol: HTTPS
- Available for command: all
- Use this parameter to specify the name of the certificate that the device uses to verify the identity of the server before loading the requested file.
- -d <Passphrase>
- Available for protocol: HTTPS
- Available for command: LoadFile
- The device uses this passphrase to encrypt an unencrypted PKCS#12 container.
- -p <MainDir>/<File>
- Available for protocol: HTTPS
- Available for command: LoadFile
- Use this parameter to specify the name of the PKCS#12 container when downloading a file. The PKCS#12 container can contain multiple CA certificates, and thus supports the identity checking of HTTPS servers with certificate chains. A PKCS#12 container can additionally contain a device certificate and the corresponding private key, so that it can confirm the identity of the device to the HTTPS server if this server requires authentication by certificate.
- -n
- Available for protocol: HTTPS
- Available for command: LoadFile
- Use this parameter to deactivate the server name check when loading a file. If you specify the server in the URL as a DNS name (and not as an IP address), then the device checks the certificate for the corresponding server name. If the HTTPS server is a virtual server, then this server can respond with the appropriate certificates for the reported DNS name. Without this parameter, the device checks whether the DNS name in the relevant URL agrees with the ‘common name’ of the submitted certificates. The device downloads the file only if this check is successful.
- -o <MainDir>/<File>
- Available for protocol: HTTPS
- Available for command: LoadFile
- Use this parameter to specify the destination for downloading a file. For example, you can use this option to save a certificate on your device for future identity verification when accessing an HTTPS server.
Use one of the two following main directories as <MainDir>:
- If the destination is a file in the device's internal file system, use the main directory /minifs/. When combined with a parameter, an example would be -c /minifs/sslroot.crt. You can view the available mount points under Mount points for SCP file transfer. . Alternatively, a general overview is also available in the section
- If the destination is a file on an external USB data medium, use the main directory /mountpoint/. When combined with a parameter, an example would be -o /mountpoint/Device-9.00.0244.upx.Important: If the storage path you specify includes subdirectories, these must exist already. The device does not create new directories.
It is also possible to use variables in file names and paths to enable dynamic directory structures (see Variables.