Difference between revisions of "Useful Check Point CLI commands"

From Tech-Wiki
Jump to: navigation, search
Line 90: Line 90:
 
|iclid / show cluster state
 
|iclid / show cluster state
 
|show cluster fail over history
 
|show cluster fail over history
 +
|-
 +
|promote_util
 +
|promote the Secondary Management server to become the Primary server
 +
|-
 +
|cp_conf sic init key123 norestart
 +
|reset SIC without restarting the firewall process
 
|}
 
|}
  

Revision as of 16:16, 7 January 2019

Back to Gaia

Useful Check Point commands. Check Point commands generally come under cp (general) and fw (firewall). Both of them must be used on expert mode (bash shell)


Useful Check Point Commands

Table 1. Useful CP Commands
Command Description
cpconfig change SIC, licenses and more
cpview -t show top style performance counters
cphaprob stat list the state of the high availability cluster members. Should show active and standby devices.
cphaprob -a if display status of monitored interfaces in a cluster
cphaprob -l list display registered cluster devices and status
cphaprob syncstat display sync transport layer statistics
cphaprob ldstat display sync serialization statistics
cphastop stop a cluster member from passing traffic. Stops synchronization. (emergency only)
clusterXL_admin down –p disable this node from cluster membership
cphaconf cluster_id get get cluster Global ID membership
cplic print license information
cpstart start all checkpoint services
cpstat fw show policy name, policy install time and interface table
cpstat ha high availability state
cpstat blades top rule hits and amount of connections
cpstat os -f all checkpoint interface table, routing table, version, memory status, cpu load, disk space
cpstat os -f cpu checkpoint cpu status
cpstat os -f multi_cpu checkpoint cpu load distribution
cpstat os -f sensors hardware environment (temperature/fan/voltage)
cpstat os -f routing checkpoint routing table
cpstop stop all checkpoint services
cpwd_admin monitor_list list processes actively monitored. Firewall should contain cpd and vpnd.
show asset all show serial numbers and hardware info
show route destination xx.xx.xx.xx show routing for specific host
ip route get xx.xx.xx.xx show routing for specific host
iclid / show cluster state show cluster fail over history
promote_util promote the Secondary Management server to become the Primary server
cp_conf sic init key123 norestart reset SIC without restarting the firewall process


Useful FW Commands

Table 2. Useful FW Commands
Command Description
fw ver firewall version
fw ctl iflist show interface names
fw ctl pstat show control kernel memory and connections
fwaccel stat show SecureXL status
fw fetch <manager IP> get the policy from the firewall manager
fwm load <policy name> <gateway name> compile and install a policy on the target's gateways.
fw getifs list interfaces and IP addresses
fw log show the content of the connections log
fw log -b "MMM DD, YYYY HH:MM:SS" "MMM DD, YYYY HH:MM:SS" search the current log for activity between specific times
fw log -c drop search for dropped packets in the active log; also can use accept or reject to search
fw log -f tail the current log
fwm logexport -i <log name> -o <output name> -n -p export an old log file on the firewall manager
fw logswitch rotate logs
fw lslogs list firewall logs
fw stat firewall status, should contain the name of the policy and the relevant interfaces.
fw stat -l show which policy is associated with which interface and package drop, accept and reject
fw tab displays firewall tables
fw tab -s -t connections number of connections in state table
fw tab -s -t userc_users number of remote users connected (VPN)
fw tab -t xlate -x clear all translated entries
fw unloadlocal clear local firewall policy
fw monitor -e "accept host(10.1.1.10);" trace the packet flow to/from the specified host
fw ctl zdebug + drop | grep 'x.x.x.x\|y.y.y.y' Check reason of your packet being dropped