cli or cc command to enable/disable IPsec site-to-site VPN connection?

Question

Hello, 
 I have a pair of virtualized UTMs with an IPsec VPN between them. I'm in the process of beginning to test/evaluate XG, and one of the areas to look at is the IPsec VPN. Since the VPN will be going up and down while I'm testing, I'd like to use a CLI command to enable and disable IPsec VPN connections on the remote UTM (which I'd get to via ssh). I suspect that CC is the correct tool to use to do this, but being undocumented (for good reasons), I don't know how. Can someone provide a hint please? Thanks. 
 --Larry

sachingurung · Accepted Answer

Hi Fahnoe, 
 You can shut down IPSec services on the UTM by going into cc > ipsec > status@ > =0 ; but if you have multiple IPSec tunnels configured and running and you just want to disconnect a specific tunnel using a cc command then that is not possible as far as I am aware of. 
 Thanks,

BAlfson · Answer

Hey Larry, 
 You can get the REF_s of the IPsec connections with: 
 cc get ipsec connections 
 Say that gives you 'REF_IpsSitServer' among others. Now you can disable/enable with the following commands: 
 cc change_object REF_IpsSitServer status 0 cc change_object REF_IpsSitServer status 1 
 I'm fairly certain you would find those commands here. 
 Cheers - Bob

Fahnoe · Answer

Hi Sachin, 
 Thank you, this is good to know. This morning I realized that I'd grown so accustomed to using the VPN to access and manage the remote UTM that I'd forgotten about using ssh port forwarding to access the GUI from the WAN side. No need for a CLI or CC command if I have the GUI: 
 ssh -L 4444:localhost:4444 user@remote-utm 
 https://localhost:4444 
 --Larry