device
Device management commands for NDCLI. These commands allow you to list, approve, rename, and remove firewall devices in your organization.
Commands
Section titled “Commands”| Command | Description |
|---|---|
device list | List devices |
device describe | Show device details |
device connect | Connect to a device via Pathfinder |
device approve | Approve a pending device |
device approve-all | Approve all pending devices |
device rename | Rename a device |
device remove | Remove a device |
device list
Section titled “device list”List devices in your organization with optional filtering and sorting.
ndcli device list [flags]| Flag | Type | Default | Description |
|---|---|---|---|
--name | string | Filter by name (regex pattern) | |
--status | string | Filter by status: PENDING, ENABLED, DISABLED | |
--ou | string | Filter by organizational unit | |
--created-after | string | Filter by created date | |
--created-before | string | Filter by created date | |
--heartbeat-after | string | Filter by last heartbeat | |
--heartbeat-before | string | Filter by last heartbeat | |
--synced-after | string | Filter by last sync | |
--synced-before | string | Filter by last sync | |
--drift-status | string | Filter by drift status: IN_SYNC, DRIFT, NEVER_SYNCED, UNKNOWN, ERROR | |
--sort-by | string | name:asc | Sort field and direction |
--page | int | 1 | Page number |
--per-page | int | 30 | Items per page |
Date Filter Formats
Section titled “Date Filter Formats”Date filters accept two formats:
- Relative:
30m,2h,7d,2w(minutes, hours, days, weeks ago) - ISO 8601:
2024-01-15T10:30:00Z
Sort Fields
Section titled “Sort Fields”Available sort fields: name, status, created_at, heartbeat, synced_at, drift_status
Direction: asc or desc (e.g., name:asc, created_at:desc)
Examples
Section titled “Examples”ndcli device list
ndcli device list --status PENDING
ndcli device list --ou production
ndcli device list --heartbeat-before 7d
ndcli device list --created-after 24h
ndcli device list --name "fw-.*-prod"
ndcli device list --sort-by heartbeat:desc
ndcli device list --page 2 --per-page 50
ndcli device list --drift-status DRIFT
ndcli device list --drift-status DRIFT --ou productiondevice describe
Section titled “device describe”Show detailed information about a specific device.
ndcli device describe [device]Arguments
Section titled “Arguments”| Argument | Required | Description |
|---|---|---|
device | Yes | Device name |
Output
Section titled “Output”Shows comprehensive device information:
- Device name and UUID
- Status (PENDING, ENABLED, DISABLED)
- Organizational unit assignment
- Last heartbeat timestamp
- Last sync timestamp and hash
- Drift status (IN_SYNC, DRIFT, NEVER_SYNCED, UNKNOWN, ERROR)
- Creation date
- Hardware/software details
Examples
Section titled “Examples”ndcli device describe my-firewall
ndcli device describe my-firewall -f jsondevice connect
Section titled “device connect”Connect to a device interactively via Pathfinder. Opens a tunneled SSH session and optionally a local webadmin tunnel to the device’s web interface.
ndcli device connect [device] [flags]Arguments
Section titled “Arguments”| Argument | Required | Description |
|---|---|---|
device | Yes | Device name |
| Flag | Type | Default | Description |
|---|---|---|---|
--timeout | duration | 5m | Connection timeout |
--webadmin-port | int | auto | Local port for the webadmin tunnel |
--no-webadmin | bool | false | Disable the webadmin tunnel |
Examples
Section titled “Examples”# Connect with default settingsndcli device connect my-firewall
# Connect with a custom timeoutndcli device connect my-firewall --timeout 15m
# Connect without webadmin tunnelndcli device connect my-firewall --no-webadmin
# Connect with webadmin on a specific portndcli device connect my-firewall --webadmin-port 8443device approve
Section titled “device approve”Approve a pending device, allowing it to receive configurations and participate in the organization.
ndcli device approve [device]Arguments
Section titled “Arguments”| Argument | Required | Description |
|---|---|---|
device | Yes | Device name to approve |
Examples
Section titled “Examples”ndcli device approve new-firewall- Only devices with
PENDINGstatus can be approved - After approval, the device status changes to
ENABLED - Approved devices can receive configuration syncs
device approve-all
Section titled “device approve-all”Approve all pending devices in the organization at once.
ndcli device approve-allExamples
Section titled “Examples”ndcli device approve-alldevice rename
Section titled “device rename”Rename a device.
ndcli device rename [device] [new-name]Arguments
Section titled “Arguments”| Argument | Required | Description |
|---|---|---|
device | Yes | Current device name |
new-name | Yes | New name for the device |
Examples
Section titled “Examples”ndcli device rename old-name new-name- Device names must be unique within the organization
- The rename takes effect immediately
- The device UUID remains unchanged
device remove
Section titled “device remove”Remove a device from the organization.
ndcli device remove [device]Arguments
Section titled “Arguments”| Argument | Required | Description |
|---|---|---|
device | Yes | Device name to remove |
Examples
Section titled “Examples”ndcli device remove decommissioned-firewall