Difference between revisions of "Useful Check Point CLI commands"
From Tech-Wiki
| Line 75: | Line 75: | ||
|cpstat os -f routing | |cpstat os -f routing | ||
|checkpoint routing table | |checkpoint routing table | ||
| + | |- | ||
| + | |cpstat mg -f log_server | ||
| + | |monitor log servers performance (events/sec) | ||
|- | |- | ||
|cpstop | |cpstop | ||
Revision as of 14:30, 27 March 2019
Useful Check Point commands. Check Point commands generally come under cp (general) and fw (firewall). Both of them must be used on expert mode (bash shell)
Useful Check Point Commands
| Command | Description |
|---|---|
| cpconfig | change SIC, licenses and more |
| cpview -t | show top style performance counters |
| cphaprob stat | list the state of the high availability cluster members. Should show active and standby devices. |
| cphaprob -a if | display status of monitored interfaces in a cluster |
| cphaprob -l list | display registered cluster devices and status |
| cphaprob syncstat | display sync transport layer statistics |
| cphaprob ldstat | display sync serialization statistics |
| cphastop | stop a cluster member from passing traffic. Stops synchronization. (emergency only) |
| clusterXL_admin down –p | disable this node from cluster membership |
| cphaconf cluster_id get | get cluster Global ID membership |
| cphaconf set_ccp broadcast/multicast | set cluster mode |
| cplic print | license information |
| cpstart | start all checkpoint services |
| cpstat fw | show policy name, policy install time and interface table |
| cpstat ha | high availability state |
| cpstat blades | top rule hits and amount of connections |
| cpstat os -f all | checkpoint interface table, routing table, version, memory status, cpu load, disk space |
| cpstat os -f cpu | checkpoint cpu status |
| cpstat os -f multi_cpu | checkpoint cpu load distribution |
| cpstat os -f sensors | hardware environment (temperature/fan/voltage) |
| cpstat os -f routing | checkpoint routing table |
| cpstat mg -f log_server | monitor log servers performance (events/sec) |
| cpstop | stop all checkpoint services |
| cpwd_admin monitor_list | list processes actively monitored. Firewall should contain cpd and vpnd. |
| show sysenv all | show hardware sensors (fans,power supply,temp,volt) |
| show asset all | show serial numbers and hardware info |
| show route destination xx.xx.xx.xx | show routing for specific host |
| ip route get xx.xx.xx.xx | show routing for specific host |
| iclid / show cluster state | show cluster fail over history |
| promote_util | promote the Secondary Management server to become the Primary server |
| cp_conf sic init key123 norestart | reset SIC without restarting the firewall process |
Useful FW Commands
| Command | Description |
|---|---|
| fw ver | firewall version |
| fw ctl iflist | show interface names |
| fw ctl pstat | show control kernel memory and connections |
| fwaccel stat | show SecureXL status |
| fw fetch <manager IP> | get the policy from the firewall manager |
| fwm load <policy name> <gateway name> | compile and install a policy on the target's gateways. |
| fw getifs | list interfaces and IP addresses |
| fw log | show the content of the connections log |
| fw log -b "MMM DD, YYYY HH:MM:SS" "MMM DD, YYYY HH:MM:SS" | search the current log for activity between specific times |
| fw log -c drop | search for dropped packets in the active log; also can use accept or reject to search |
| fw log -f | tail the current log |
| fwm logexport -i <log name> -o <output name> -n -p | export an old log file on the firewall manager |
| fw logswitch | rotate logs |
| fw lslogs | list firewall logs |
| fw stat | firewall status, should contain the name of the policy and the relevant interfaces. |
| fw stat -l | show which policy is associated with which interface and package drop, accept and reject |
| fw tab | displays firewall tables |
| fw tab -s -t connections | number of connections in state table |
| fw tab -s -t userc_users | number of remote users connected (VPN) |
| fw tab -t xlate -x | clear all translated entries |
| fw unloadlocal | clear local firewall policy |
| fw monitor -e "accept host(10.1.1.10);" | trace the packet flow to/from the specified host |
| fw ctl zdebug + drop | grep 'x.x.x.x\|y.y.y.y' | Check reason of your packet being dropped |