Difference between revisions of "Useful Check Point CLI commands"
From Tech-Wiki
Line 5: | Line 5: | ||
− | '''Useful | + | '''Useful Check Point Commands (to be used on expert mode (bash))''' |
{|border="1" cellpadding="5" cellspacing="0" | {|border="1" cellpadding="5" cellspacing="0" |
Revision as of 14:59, 5 August 2018
Useful Check Point commands. Check Point commands generally come under cp (general) and fw (firewall)
Useful Check Point Commands (to be used on expert mode (bash))
Command | Description |
---|---|
cpconfig | change SIC, licenses and more |
cpview -t | show top style performance counters |
cphaprob stat | list the state of the high availability cluster members. Should show active and standby devices. |
cphaprob -a if | display status of monitored interfaces in a cluster |
cphaprob -l list | display registered cluster devices and status |
cphaprob syncstat | display sync transport layer statistics |
cphaprob ldstat | display sync serialization statistics |
cphastop | stop a cluster member from passing traffic. Stops synchronization. (emergency only) |
clusterXL_admin down –p | disable this node from cluster membership |
cphaconf cluster_id get | get cluster Global ID membership |
cplic print | license information |
cpstart | start all checkpoint services |
cpstat fw | show policy name, policy install time and interface table |
cpstat ha | high availability state |
cpstat blades | top rule hits and amount of connections |
cpstat os -f all | checkpoint interface table, routing table, version, memory status, cpu load, disk space |
cpstat os -f cpu | checkpoint cpu status |
cpstat os -f multi_cpu | checkpoint cpu load distribution |
cpstat os -f sensors | hardware environment (temperature/fan/voltage) |
cpstat os -f routing | checkpoint routing table |
cpstop | stop all checkpoint services |
cpwd_admin monitor_list | list processes actively monitored. Firewall should contain cpd and vpnd. |
show asset all | show serial numbers and hardware info |
show route destination xx.xx.xx.xx | show routing for specific host |
ip route get xx.xx.xx.xx | show routing for specific host |
iclid / show cluster state | show cluster fail over history |
Useful FW Commands
Command | Description |
---|---|
fw ver | firewall version |
fw ctl iflist | show interface names |
fw ctl pstat | show control kernel memory and connections |
fwaccel stat | show SecureXL status |
fw fetch <manager IP> | get the policy from the firewall manager |
fwm load <policy name> <gateway name> | compile and install a policy on the target's gateways. |
fw getifs | list interfaces and IP addresses |
fw log | show the content of the connections log |
fw log -b "MMM DD, YYYY HH:MM:SS" "MMM DD, YYYY HH:MM:SS" | search the current log for activity between specific times |
fw log -c drop | search for dropped packets in the active log; also can use accept or reject to search |
fw log -f | tail the current log |
fwm logexport -i <log name> -o <output name> -n -p | export an old log file on the firewall manager |
fw logswitch | rotate logs |
fw lslogs | list firewall logs |
fw stat | firewall status, should contain the name of the policy and the relevant interfaces. |
fw stat -l | show which policy is associated with which interface and package drop, accept and reject |
fw tab | displays firewall tables |
fw tab -s -t connections | number of connections in state table |
fw tab -s -t userc_users | number of remote users connected (VPN) |
fw tab -t xlate -x | clear all translated entries |
fw unloadlocal | clear local firewall policy |
fw monitor -e "accept host(10.1.1.10);" | trace the packet flow to/from the specified host |
fw ctl zdebug + drop | grep 'x.x.x.x\|y.y.y.y' | Check reason of your packet being dropped |