Difference between revisions of "Useful Check Point CLI commands"

From Tech-Wiki
 
(34 intermediate revisions by the same user not shown)
Line 2: Line 2:
 
'''[[Check Point#Gaia|Back to Gaia]]'''
 
'''[[Check Point#Gaia|Back to Gaia]]'''
  
Useful Check Point commands. Check Point commands generally come under '''cp''' (general) and '''fw''' (firewall)
+
Useful Check Point commands. Check Point commands generally come under '''cp''' (general) and '''fw''' (firewall).  Both of them must be used on expert mode (bash shell)
<blockquote></blockquote>
+
 
'''Useful CP Commands'''
+
 
<blockquote></blockquote>
+
'''Useful Check Point Commands'''
 +
 
 
{|border="1" cellpadding="5" cellspacing="0"
 
{|border="1" cellpadding="5" cellspacing="0"
 
|+ align="bottom" |''Table 1.  Useful CP Commands''
 
|+ align="bottom" |''Table 1.  Useful CP Commands''
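Review bot: the added intro sentence says both command families must be used in expert mode, but this same revision adds "show sysenv all", "show asset all", "show route destination xx.xx.xx.xx" and "show cluster state" rows to Table 1, and those are Gaia clish commands rather than bash ones. Suggest scoping the sentence to the cp and fw commands and marking the "show ..." rows as clish. In the same sentence "on expert mode" should read "in expert mode", and the section title now says "Useful Check Point Commands" while the caption under it still says "Useful CP Commands".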
Line 15: Line 16:
 
|change SIC, licenses and more
 
|change SIC, licenses and more
 
|-
 
|-
|cphaprob ldstat
+
|cpview -t
|display sync serialization statistics
+
|show top style performance counters
 
|-
 
|-
 
|cphaprob stat
 
|cphaprob stat
 
|list the state of the high availability cluster members. Should show active and standby devices.
 
|list the state of the high availability cluster members. Should show active and standby devices.
 +
|-
 +
|cphaprob -a if
 +
|display status of monitored interfaces in a cluster
 +
|-
 +
|cphaprob -l list
 +
|display registered cluster devices and status
 
|-
 
|-
 
|cphaprob syncstat
 
|cphaprob syncstat
 
|display sync transport layer statistics
 
|display sync transport layer statistics
 
|-
 
|-
|cphaprob -a if
+
|cphaprob ldstat
|display status of monitored interfaces in a cluster
+
|display sync serialization statistics
 
|-
 
|-
 
|cphastop
 
|cphastop
 
|stop a cluster member from passing traffic. Stops synchronization. (emergency only)
 
|stop a cluster member from passing traffic. Stops synchronization. (emergency only)
 +
|-
 +
|clusterXL_admin down –p
 +
|disable this node from cluster membership
 +
|-
 +
|cphaconf cluster_id get
 +
|get cluster Global ID membership
 +
|-
 +
|cphaconf set_ccp broadcast/multicast
 +
|set cluster mode
 
|-
 
|-
 
|cplic print
 
|cplic print
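Review bot: the added row "clusterXL_admin down –p" is written with an en dash (–) in front of the p, not an ASCII hyphen, so a reader who pastes it into the shell passes a literal "–p" argument instead of the -p option. Replace it with "clusterXL_admin down -p". In the same hunk, "cphaconf set_ccp broadcast/multicast" reads as a single argument; say "broadcast or multicast" or split it into two rows so it is clear that one of the two values is chosen.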
Line 41: Line 57:
 
|cpstat ha
 
|cpstat ha
 
|high availability state
 
|high availability state
 +
|-
 +
|cpstat blades
 +
|top rule hits and amount of connections
 
|-
 
|-
 
|cpstat os -f all
 
|cpstat os -f all
Line 47: Line 66:
 
|cpstat os -f cpu
 
|cpstat os -f cpu
 
|checkpoint cpu status
 
|checkpoint cpu status
 +
|-
 +
|cpstat os -f multi_cpu
 +
|checkpoint cpu load distribution
 +
|-
 +
|cpstat os -f sensors
 +
|hardware environment (temperature/fan/voltage)
 
|-
 
|-
 
|cpstat os -f routing
 
|cpstat os -f routing
 
|checkpoint routing table
 
|checkpoint routing table
 +
|-
 +
|cpstat mg -f log_server
 +
|monitor log servers performance (events/sec)
 +
|-
 +
| cpstat -f log_connection fw
 +
|monitor log servers settings
 
|-
 
|-
 
|cpstop
 
|cpstop
Line 56: Line 87:
 
|cpwd_admin monitor_list
 
|cpwd_admin monitor_list
 
|list processes actively monitored. Firewall should contain cpd and vpnd.
 
|list processes actively monitored. Firewall should contain cpd and vpnd.
 +
|-
 +
|show sysenv all
 +
|show hardware sensors (fans,power supply,temp,volt)
 +
|-
 +
|show asset all
 +
|show serial numbers and hardware info
 +
|-
 +
|show route destination xx.xx.xx.xx
 +
|show routing for specific host
 +
|-
 +
|ip route get xx.xx.xx.xx
 +
|show routing for specific host
 +
|-
 +
|iclid / show cluster state
 +
|show cluster fail over history
 +
|-
 +
|promote_util
 +
|promote the Secondary Management server to become the Primary server
 +
|-
 +
|cp_conf sic init key123 norestart
 +
|reset SIC without restarting the firewall process
 
|}
 
|}
<blockquote></blockquote>
+
 
 +
 
 +
 
 
'''Useful FW Commands'''
 
'''Useful FW Commands'''
<blockquote></blockquote>
 
 
{|border="1" cellpadding="5" cellspacing="0"
 
{|border="1" cellpadding="5" cellspacing="0"
 
|+ align="bottom" |''Table 2.  Useful FW Commands''
 
|+ align="bottom" |''Table 2.  Useful FW Commands''
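Review bot: the added row "cp_conf sic init key123 norestart" hard-codes a guessable sample activation key, and cheat-sheet lines tend to be pasted verbatim. Use a placeholder instead, for example "cp_conf sic init <activation key> norestart", in the same style as "fw fetch <manager IP>" in Table 2. The hunk also lists "show sysenv all" with nearly the same description as the "cpstat os -f sensors" row added earlier in this revision; a note on when to prefer which would help.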
Line 65: Line 118:
 
!scope="col" style="background:#97CAFF;" |Command
 
!scope="col" style="background:#97CAFF;" |Command
 
!scope="col" style="background:#97CAFF;" |Description
 
!scope="col" style="background:#97CAFF;" |Description
 +
|-
 +
|fw ver
 +
|firewall version
 
|-
 
|-
 
|fw ctl iflist
 
|fw ctl iflist
Line 72: Line 128:
 
|show control kernel memory and connections
 
|show control kernel memory and connections
 
|-
 
|-
|fw exportlog -o
+
|fwaccel stat
|export the current log file to ascii
+
|show SecureXL status
 
|-
 
|-
 
|fw fetch <manager IP>
 
|fw fetch <manager IP>
Line 80: Line 136:
 
|fwm load <policy name> <gateway name>
 
|fwm load <policy name> <gateway name>
 
|compile and install a policy on the target's gateways.
 
|compile and install a policy on the target's gateways.
 +
|-
 +
|fw getifs
 +
|list interfaces and IP addresses
 
|-
 
|-
 
|fw log
 
|fw log
 
|show the content of the connections log
 
|show the content of the connections log
 
|-
 
|-
|fw log -b <MMM DD, YYYY HH:MM:SS> <MMM DD, YYYY HH:MM:SS>
+
|fw log -b "MMM DD, YYYY HH:MM:SS" "MMM DD, YYYY HH:MM:SS"
|search the current log for activity between specific times, eg
+
|search the current log for activity between specific times
 
|-
 
|-
 
|fw log -c drop
 
|fw log -c drop
Line 93: Line 152:
 
|tail the current log
 
|tail the current log
 
|-
 
|-
|fwm logexport -i <log name> -o <output name>
+
|fwm logexport -i <log name> -o <output name> -n -p
 
|export an old log file on the firewall manager
 
|export an old log file on the firewall manager
 
|-
 
|-
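Review bot: the command in this row gains "-n -p", but the description is still "export an old log file on the firewall manager", so the table does not say what the two options change in the exported output. Add a few words to the description covering each option.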
Line 113: Line 172:
 
|fw tab -s -t connections
 
|fw tab -s -t connections
 
|number of connections in state table
 
|number of connections in state table
 +
|-
 +
|fw tab -f -t vpn_routing -u
 +
|routing for remote vpns
 +
|-
 +
|fw tab -s -t userc_users
 +
|number of remote users connected (VPN)
 
|-
 
|-
 
|fw tab -t xlate -x
 
|fw tab -t xlate -x
Line 123: Line 188:
 
|trace the packet flow to/from the specified host
 
|trace the packet flow to/from the specified host
 
|-
 
|-
|fw ver
+
|fw ctl zdebug + drop <nowiki>|</nowiki> grep 'x.x.x.x\<nowiki>|</nowiki>y.y.y.y'
|firewall version
+
|Check reason of your packet being dropped
 
|}
 
|}
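Review bot: in the added "fw ctl zdebug + drop" row, the dots in the grep pattern 'x.x.x.x\|y.y.y.y' are unescaped, so each one matches any character and the filter can pass drop lines for addresses other than the two intended. Suggest fixed-string matching, e.g. "grep -F -e x.x.x.x -e y.y.y.y". The description also starts with a capital ("Check reason ...") where the other rows start lower-case.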

Latest revision as of 19:03, 19 February 2023

Useful Check Point commands. Check Point commands generally come under cp (general) and fw (firewall). Both of them must be used in expert mode (bash shell).


Useful Check Point Commands

{|border="1" cellpadding="5" cellspacing="0"
|+ align="bottom" |''Table 1.  Useful CP Commands''
!scope="col" style="background:#97CAFF;" |Command
!scope="col" style="background:#97CAFF;" |Description
|-
|cpconfig
|change SIC, licenses and more
|-
|cpview -t
|show top-style performance counters
|-
|cphaprob stat
|list the state of the high availability cluster members. Should show active and standby devices.
|-
|cphaprob -a if
|display status of monitored interfaces in a cluster
|-
|cphaprob -l list
|display registered cluster devices and status
|-
|cphaprob syncstat
|display sync transport layer statistics
|-
|cphaprob ldstat
|display sync serialization statistics
|-
|cphastop
|stop a cluster member from passing traffic. Stops synchronization. (emergency only)
|-
|clusterXL_admin down -p
|disable this node from cluster membership
|-
|cphaconf cluster_id get
|get cluster Global ID membership
|-
|cphaconf set_ccp broadcast/multicast
|set cluster mode
|-
|cplic print
|license information
|-
|cpstart
|start all Check Point services
|-
|cpstat fw
|show policy name, policy install time and interface table
|-
|cpstat ha
|high availability state
|-
|cpstat blades
|top rule hits and amount of connections
|-
|cpstat os -f all
|Check Point interface table, routing table, version, memory status, CPU load, disk space
|-
|cpstat os -f cpu
|Check Point CPU status
|-
|cpstat os -f multi_cpu
|Check Point CPU load distribution
|-
|cpstat os -f sensors
|hardware environment (temperature/fan/voltage)
|-
|cpstat os -f routing
|Check Point routing table
|-
|cpstat mg -f log_server
|monitor log servers performance (events/sec)
|-
|cpstat -f log_connection fw
|monitor log servers settings
|-
|cpstop
|stop all Check Point services
|-
|cpwd_admin monitor_list
|list processes actively monitored. Firewall should contain cpd and vpnd.
|-
|show sysenv all
|show hardware sensors (fans, power supply, temp, volt)
|-
|show asset all
|show serial numbers and hardware info
|-
|show route destination xx.xx.xx.xx
|show routing for specific host
|-
|ip route get xx.xx.xx.xx
|show routing for specific host
|-
|iclid / show cluster state
|show cluster failover history
|-
|promote_util
|promote the Secondary Management server to become the Primary server
|-
|cp_conf sic init key123 norestart
|reset SIC without restarting the firewall process
|}


Useful FW Commands

{|border="1" cellpadding="5" cellspacing="0"
|+ align="bottom" |''Table 2.  Useful FW Commands''
!scope="col" style="background:#97CAFF;" |Command
!scope="col" style="background:#97CAFF;" |Description
|-
|fw ver
|firewall version
|-
|fw ctl iflist
|show interface names
|-
|fw ctl pstat
|show control kernel memory and connections
|-
|fwaccel stat
|show SecureXL status
|-
|fw fetch <manager IP>
|get the policy from the firewall manager
|-
|fwm load <policy name> <gateway name>
|compile and install a policy on the target's gateways.
|-
|fw getifs
|list interfaces and IP addresses
|-
|fw log
|show the content of the connections log
|-
|fw log -b "MMM DD, YYYY HH:MM:SS" "MMM DD, YYYY HH:MM:SS"
|search the current log for activity between specific times
|-
|fw log -c drop
|search for dropped packets in the active log; accept or reject can also be used as the search term
|-
|fw log -f
|tail the current log
|-
|fwm logexport -i <log name> -o <output name> -n -p
|export an old log file on the firewall manager
|-
|fw logswitch
|rotate logs
|-
|fw lslogs
|list firewall logs
|-
|fw stat
|firewall status, should contain the name of the policy and the relevant interfaces.
|-
|fw stat -l
|show which policy is associated with which interface and packet drop, accept and reject
|-
|fw tab
|displays firewall tables
|-
|fw tab -s -t connections
|number of connections in state table
|-
|fw tab -f -t vpn_routing -u
|routing for remote VPNs
|-
|fw tab -s -t userc_users
|number of remote users connected (VPN)
|-
|fw tab -t xlate -x
|clear all translated entries
|-
|fw unloadlocal
|clear local firewall policy
|-
|fw monitor -e "accept host(10.1.1.10);"
|trace the packet flow to/from the specified host
|-
|fw ctl zdebug + drop <nowiki>|</nowiki> grep 'x.x.x.x\<nowiki>|</nowiki>y.y.y.y'
|check the reason your packet is being dropped
|}