Main commands
You can use the following commands within the virtual machine (VM) console for your platform to configure and troubleshoot NSS. By default, root login is not permitted, so admins must use the sudo utility to run a command with higher privileges.
Start the service | sudo nss start |
Stop the service | sudo nss stop |
Restart the service | sudo nss restart |
Shut down the operating system | sudo nss restart |
Change the network configuration for the service | sudo nss configure |
Configure additional interfaces | sudo nss configure split-interface |
Configure an explicit proxy | sudo nss configure proxy |
If you configured additional interfaces using the | sudo nss configure split-interface --wipe |
To remove the network settings that were configured using the | sudo nss configure --wipe |
To display the configuration file that was changed using the | sudo nss dump-config |
To install NSS certificates from a specified certificate bundle file | sudo nss install-cert <certificate bundle file> |
To check if a new NSS version is available | sudo nss checkversion |
To manually update NSS to the latest version | sudo nss update-now |
To force NSS to update, regardless of whether a new version is available | sudo nss force-update-now |
To check the firewall configuration | sudo nss test-firewall | This command actively probes the firewall configuration by attempting to resolve the DNS names and establish outbound connections to the Zscaler cloud. It does not reset the management IP interface, so you can run it over an SSH connection. |
To view troubleshooting help command information | sudo nss troubleshoot help |
To show the active connections on the service IP address | sudo nss troubleshoot netstat | The output is similar to that of the Netstat utility. |
To show the connections and their status | sudo nss troubleshoot connection | This command probes the connection status over a period of time and indicates whether the connections are stable or flapping. |
To show the status of the NSS feeds | sudo nss troubleshoot feeds | This command probes the status of the feeds and determines whether logs are queued due to the slow consumption of logs by the Devo Relay. |
To generate diagnostic information to send to Zscaler Support | sudo nss collect-diagnostics | This command collects the configuration, vital statistics regarding the health of NSS, and error statistics, and then downloads the data to a local file. This file can be emailed to Zscaler Support for troubleshooting purposes. |
To reset the network configuration | sudo nss reset-network |
To change the SNMP admin user configuration | sudo nss snmp-admin-configure |
To change the SNMP trap configuration | sudo nss snmp-trap-configure |
To automatically start NSS after reboot | sudo nss enable-autostart |
To disable the automatic start of NSS after reboot | sudo nss disable-autostart |
Enabling remote access
An admin can request remote assistance and allow Zscaler Support to log in to their NSS server without having to open a firewall connection for inbound traffic. This feature is disabled by default and must be enabled explicitly for the duration that remote support assistance is required.
To enable Zscaler Support to access your NSS server | sudo nss support-access-start | This creates a long-lived SSH tunnel to the Zscaler cloud and sets up remote port forwarding. Zscaler Support can then use this tunnel to log in to your NSS server. |
To disable Zscaler Support access to your NSS server | sudo nss support-access-stop | This brings down the long-lived SSH tunnel to the Zscaler cloud and all the remote connections. |
To check the status of the Zscaler Support access to your NSS server | sudo nss support-access-status | This checks the status of the long-lived SSH tunnel to the Zscaler cloud, which Zscaler Support uses to log in to your NSS server. |
To enable a remote debugging session | sudo nss enable-remote-debugging |
To disable a remote debugging session | sudo nss disable-remote-debugging |
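Because support access should stay enabled only while assistance is required, the start, status, and stop commands above can be wrapped so the tunnel is always closed when the agreed window ends. The following is an added example, not Zscaler or Devo code; the `support_window` function and the `NSS_CMD` variable are names assumed for this sketch.

```shell
#!/bin/sh
# Added example: time-boxed Zscaler Support access. Not vendor code.
# NSS_CMD is an assumption of this example; it defaults to the real command
# and can be pointed at a stub for a dry run.
NSS_CMD="${NSS_CMD:-sudo nss}"

# support_window SECONDS
# Opens the support tunnel, keeps it up for SECONDS, then closes it.
# Returns 0 on a clean close, 1 if the tunnel could not be opened,
# 2 on bad usage, or the exit status of a failed support-access-stop.
support_window() {
    window="$1"
    case "$window" in
        ''|*[!0-9]*) echo "usage: support_window SECONDS" >&2; return 2 ;;
    esac

    # If the operator interrupts the wait or the session drops,
    # bring the tunnel down before exiting.
    trap '$NSS_CMD support-access-stop; exit 130' INT TERM HUP

    if ! $NSS_CMD support-access-start; then
        trap - INT TERM HUP
        echo "support-access-start failed; tunnel not opened" >&2
        return 1
    fi

    # Timestamp the opening so the window can be matched against change records.
    echo "$(date -u +%Y-%m-%dT%H:%M:%SZ) support access opened for ${window}s" >&2
    $NSS_CMD support-access-status || true

    sleep "$window"

    rc=0
    $NSS_CMD support-access-stop || rc=$?
    trap - INT TERM HUP
    if [ "$rc" -ne 0 ]; then
        echo "support-access-stop returned $rc; verify the tunnel is down" >&2
    fi
    return "$rc"
}
```

For example, `support_window 3600` keeps the tunnel open for one hour; run `sudo nss support-access-status` afterwards to confirm it is down.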
Error codes
The following are error codes that you might encounter when executing a sudo nss update-now command: