cphaprob -a if
cphaprob syncstat
cphaprob list
cphastart/stop
cp_conf sic
SIC stuff
cpconfig
config util
cplic print
cprestart
cpstart
cpstop
cpview
CPU,
cpwd_admin list
cplic print
cpstat
cpstat -f policy fw
fw tab -t sam_blocked_ips
fw tab -t connections -s
fw tab -t connections -f
fw tab -t fwx_alloc -f
fw tab -t peers_count -s
fw tab -t userc_users -s
fw checklic
fw ctl install
fw ctl ip_forwarding
Control IP forwarding
fw ctl pstat
fw ctl uninstall
fw exportlog -o
fw fetch
fw fetch localhost
fw hastat
fw lichosts
fw log -f
fw log -s -e
fw logswitch
fw lslogs
fw monitor
Packet sniffer
fw printlic -p
fw printlic
fw putkey
fw stat -l
fw stat -s
fw unloadlocal
Unload policy
fw ver -k
fwstart
fwstop
fwm lock_admin -v
fwm_start
fwm -p
fwm -a
Adds an Admin
fwm -r
Delete an administrator
Sets the current value of a global kernel parameter. Temporary only; cleared after reboot.
Shows arp table
Provider 1
mdsenv [cma name]
mcd
mds_setup
mdsconfig
mdsstat
To start cma
To stop cma
cma_migrate
cmamigrate_assist
VPN
vpn tu
dtps lic
delete IKE SA
delete Phase 2 SA
show IKE SA
router
Enters router mode for use on Secure Platform Pro for advanced routing options
patch add cd
Allows you to mount an iso and upgrade your checkpoint software (SPLAT Only)
backup
restore
snapshot
Performs a system backup which includes all Check Point binaries. Note : This issues a cpstop.
fw vsx stat -l
fw vsx stat -v
reset_gw
resets the gateway, clearing all previous virtual devices and settings.
Debugging
SPLAT Only
VSX
1. Useful CP Commands

Command                     Description
cpconfig                    change SIC, licenses and more
cphaprob ldstat             display sync serialization statistics
cphaprob stat               list the state of the high availability cluster members. Should show active and standby devices.
cphaprob syncstat           display sync transport layer statistics
cphastop                    stop a cluster member from passing traffic. Stops synchronization. (emergency only)
cplic print                 license information
cpstart                     start all checkpoint services
cpstat fw                   show policy name, policy install time and interface table
cpstat ha                   high availability state
cpstat os -f all            checkpoint interface table, routing table, version, memory status, cpu load, disk space
cpstat os -f cpu            checkpoint cpu status
cpstat os -f routing        checkpoint routing table
cpstop                      stop all checkpoint services
cpwd_admin monitor_list     list processes actively monitored. Firewall should contain cpd and vpnd.

2. Useful FW Commands

Command                     Description
swapinfo                    show interface names
fw ctl pstat                show control kernel memory and connections
fw exportlog -o             export the current log file to ascii
fw fetch <manager IP>       get the policy from the firewall manager
fw log                      show the content of the connections log
fw log -b <MMM DD, YYYY HH:MM:SS> <MMM DD, YYYY HH:MM:SS>
                            search the current log for activity between specific times, eg
fw log -c drop              search for dropped packets in the active log; also can use accept or reject to search
fw log -f                   tail the current log
fwm logexport -i <log name> -o <output name>
                            export an old log file on the firewall manager
fw logswitch                rotate logs
fw lslogs                   list firewall logs
fw stat                     firewall status, should contain the name of the policy and the relevant interfaces.
fw stat -l                  show which policy is associated with which interface and packet drop, accept and reject
fw tab                      displays firewall tables
fw tab -s -t connections    number of connections in state table
fw tab -t xlate -x          clear all translated entries
fw unloadlocal              clear local firewall policy
fw ver                      firewall version

fw monitor -e 'accept (src=10.1.1.1 and dst=20.2.2.2) or (src=20.2.2.2 and dst=10.1.1.1);' -m iIoO -o wireshark.pcap
tcpdump -w capture.pcap -i eth-s1p2c0 host 10.1.1.1 and host 20.2.2.2
tcpdump -nni any host 10.1.1.1 -w capture.pcap
tcpdump -nni any host 10.1.1.1 and host 20.2.2.2 -w capture.pcap

fw monitor -e 'accept host(192.168.1.12) and tracert;'
[Show Windows traceroute (ICMP, TTL<30) from and to 192.168.1.12]

fw monitor -v 23 -e 'accept tcpport(80);'
[Capture web traffic for VSX virtual system ID 23]

fw monitor -e 'accept ip_p=50 and ifid=0;'
[Show all ESP (IP protocol 50) packets on the interface with the ID 0. (List interfaces and corresponding IDs with fw ctl iflist)]

srfw monitor -o output_file.cap
[Show traffic on a SecuRemote/SecureClient client into a file. srfw.exe is in $SRDIR/bin (C:\Program Files\CheckPoint\SecuRemote\bin)]

fw monitor -m iIoO -e 'accept dst=172.31.10.100;' | grep ICMP
[This is a standard fw monitor on the destination, grepping for ICMP (ICMP in capitals is important here, as the output is in capitals)]

fw monitor -e 'accept ip_p=1;' -o ping.cap

fw monitor -m iIoO -e 'accept (src=10.0.1.30 and dst=4.2.2.2) and [9:1]=1;' -o output.cap

fw monitor -m iIoO -e 'accept src=10.0.1.30 or dst=10.0.1.30 and [9:1]=1;' -o output.cap

fw monitor -m iIoO -e 'accept (src=10.0.1.30 or dst=10.0.1.30) and not (sport=443 or dport=443);' -o output.cap
[Open this file in Wireshark.]

fw monitor -m iIoO -e 'accept (src=10.0.1.30 or dst=10.0.1.30);'
[This is a good fw monitor to run, which will just output to the CPShell. The -m iIoO just means: monitor pre (i)nbound, post (I)nbound, pre (o)utbound, post (O)utbound interfaces]
on_141113_155.cap
delete arp dynamic all (doesn't delete proxy ARPs)
ENABLING INTERFACE & VRRP (Simplified mode)
clish -s -c "set interface eth-s4p1 active on"
clish -s -c "set interface eth-s4p1 link_trap on"
clish -s -c "set interface eth-s4p1 auto-advertise off"
clish -s -c "set interface eth-s4p1c0 enable"
clish -s -c "add interface eth-s4p1c0 address x.x.x.x/xx"
clish -s -c "set interface eth-s4p1 speed 100M duplex full"
clish -s -c "add mcvr vrid <1-255> backup-address <vip>"
save config
exit
Description
** CPU Usage **
** Memory Usage **
** Memory Usage % **
** free mem and cpu **
** Checks current/max connections **
** Shows Translation Table Connections **
** Check for interface errors/collisions **
** detailed interface errors **
** Show processes **
** Check SIC **
** !ckp **
** find CMA IP **
** Check Int Capabilities **
** Menu with all hardware **
cphaprob syncstat
cphaprob list
cphastart/stop
cp_conf sic
cpconfig
cplic print
cprestart
cpstart
cpstop
cpstop -fwflag -proc
cpwd_admin list
cplic print
cpstat
fw tab -t sam_blocked_ips
fw tab -t connections -s
fw tab -t connections -f
fw tab -t fwx_alloc -f
fw tab -t peers_count -s
fw tab -t userc_users -s
fw checklic
fw ctl install
fw ctl ip_forwarding
fw ctl pstat
Control IP forwarding
System Resource stats
fw ctl uninstall
fw exportlog -o
fw fetch
fw fetch localhost
fw hastat
fw lichosts
fw log -f
fw log -s -e
fw logswitch
fw lslogs
fw monitor
fw printlic -p
fw printlic
fw putkey
fw stat -l
fw unloadlocal
fw ver -k
fwstart
fwstop
fwm lock_admin -v
fwm dbexport -f user.txt
fwm_start
fwm -p
fwm -a
fwm -r
fw stat -s
PROVIDER 1
mds_setup
mdsconfig
mdsstat
To start cma
To stop cma
cma_migrate
cmamigrate_assist
vpn tu
vpn ipafile_check ipassignment.conf
detail
dtps lic
VPN
show IKE SA
show Phase 2 SA
show VTI detail
DEBUGGING
SPLAT ONLY
router
patch add cd
backup
restore
snapshot
VSX
Expert
ifconfig
netstat
top
ping
message
sysenv
domainname
interface
interfaces
route
allowed-client
clock
date
edition
host
hostname
hw-monitor
inactivity-timeout
Feature or Extended
or Base
extended
extended
extended
extended/feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
category
UNIX
UNIX
UNIX
Networking
GAIA environment
GAIA environment
Networking
Networking
Networking
Networking
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
lcd
time
timezone
version
cd
uptime
cat
clienv
format
feature
feature
feature
feature
feature
feature
extended
feature
feature
Platform admin
Platform admin
Platform admin
Platform admin
UNIX
UNIX
UNIX
GAIA environment
GAIA environment
tag
backup
backups
backup-scheduled
selfpasswd
snapshot
snapshots
history
feature
feature
feature
feature
feature
feature
feature
base
GAIA environment
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
GAIA commands
lock
quit
rollback
save
exit
expert
base
base
base
base
base
base
GAIA commands
GAIA commands
GAIA commands
GAIA commands
GAIA environment
GAIA environment
help
halt
reboot
upgrade cd
upgrade local VALUE
ver
fips
config_system
ping6
base
base
base
base
base
base
extended
extended
extended
GAIA environment
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
???
GAIA commands
Networking
cpshared_ver
extended
Platform admin
diag
patch
raid_diagnostic
raidconfig
cp_conf
cpca
cpca_client
cpca_create
cpca_dbutil
cpconfig
cphaprob
cphastart
cphastop
cpinfo
cplic
cpstart
cpstat
cpstop
cpwd_admin
dtps
etmstart
etmstop
fgate
fw
fwaccel
fwm
ips
LSMcli
LSMenabler
rtm
rtmstart
rtmstop
rtmtopsvc
sim
SnortConvertor
vpn
vsx_util
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
extended
Platform admin
Platform admin
Platform admin
Platform admin
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
traceroute
scratchpad
auditlog
ftw
logging
database
slot
extended
feature
feature
feature
feature
feature
feature
UNIX
???
????
????
????
?????
?????
aggregate
feature
as
feature
bgp
feature
igmp
feature
instance
feature
kernel-routes
feature
max-path-splits
feature
mcvr
feature
mfc
feature
neighbor
feature
neighbor-entry
feature
ospf
feature
pbr
feature
pbr-combine-static
feature
pbr-routing-group
feature
pim
feature
pppoe
feature
protocol-rank
feature
rdisc
feature
rip
feature
routed
feature
route-injection
feature
routemap
feature
routemaps
feature
router-id
feature
router-options
feature
show-route-all
feature
trace
feature
tracefile
command
commands
config
config-lock
config-state
configuration
extended
start
transaction
arp
bonding
bootp
bridging
default-route
dhcp
dns
interface-group
iphelper
ipv6
ipv6-state
management
net-access
nexthop-selection
static6
static-mroute
static-route
aaa-servers
download
expert-password
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
fcd
group
groups
import
feature
feature
feature
feature
Platform admin
Platform admin
Platform admin
Platform admin
inactto
install
installer
installer_mail
installer_policy
local
logicalvolume
mail-notification
maintenance-group
manage-image
mgmtAdmin
mgmt-gui-clients
ntp
password-controls
prod-maintain
rba
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
revert
security-access-group
software-updates-group
ssmtp
stop
system-group
tacacs_enable
uninstall
upgrade
user
users
volume
web
adv-vrrp
blades
certificate_authority
cluster_ha
high-avail-group
license_activation
proxy
restore_policy
smart-console
snmp
sysconfig
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
feature
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform admin
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
syslog
virtual-system
vpnt
vrrp
feature
feature
feature
feature
Platform Subsystem
Platform Subsystem
Platform Subsystem
Platform Subsystem
vrrp6
vsx
cron
feature
feature
feature
Platform Subsystem
Platform Subsystem
UNIX
Description
Networking
Networking
Show OS processes
Networking
msg of the day
cli environment for tabs, lines, columns
Networking
Networking
Networking
routing
Client that can connect to platform
time
time
version of OS
host name
host name
????
session timeout
For appliances, the front panel LCD admin
Time admin
Timezone admin
version of system
change directory
how much time has system been up
print file
GAIA environment
date, net, time formats
cli environment to create comment tags
backup system
list backups
build backup schedule
change current password
Take an image of the system
Show system images
history of commands
lock database override to get control of GAIA
config database
exit GAIA
rollback a GAIA batch transaction
config or client environment
exit out of GAIA
go into SPLAT mode
stop OS
reboot OS
patch upgrade via cd
upgrades
version of system
???
load file to config system
Networking
Print out description of cpshared version,
doesn't seem to work, only in SPLAT
Send system diagnostics information to tftp
install patch
RAID info
RAID info
cp specific commands
certificate authority
certificate authority admin
certificate authority admin
certificate authority admin
configure platform with cpconfig
change HA status
stop HA
start HA
generate cpinfo information
check license
start firewall
check firewall status
stop firewall
watchdog admin for cp processes
client VPN policy server admin
qos
qos
floodgate
checkpoint cmds
checkpoint cmds
checkpoint cmds
Intrusion Prevention System admin
provisioning
provisioning
SmartMonitor admin
SmartMonitor admin
SmartMonitor admin
SmartMonitor admin
SecureXL admin
Convert logs for Snort to read
vpn admin
mgt server vsx admin
Unix traceroute
????
????
????
????
?????
?????
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
??????
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
policy based routing
????
????
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
?????
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
Dynamic routing admin
?????
Debug dynamic routing
Debug dynamic routing
GAIA commands
GAIA commands
GAIA command configuration
get config lock
show if commands saved
load config file with config commands
show extended commands
start batch GAIA commands
batch transactions
manual arp
Networking
Networking
Networking
Networking
Networking
Networking
?????
Networking
dynamic routing
Dynamic routing admin
set mgt interface
telnet access
Networking
IPv6 static route
Networking multicast route????
routing
authentication
installing files
set expert password
set fcd revert - possibly a snapshot revert?
GAIA groups of users
GAIA groups of users
Install files
Install files
Install
Install
Install files
Install files
upgrade
change volume info???
email notices
???
????
????
????
time NTP
set password complexity
????
role based admin
Revert GAIA configuration database back to
???
????
Update new software???
?????
install
????
Enable TACACS authentication
install
install
cli users
cli users
move space to/from backup volume
WebUI params
VRRP admin
????
Cert admin???
HA admin????
HA admin????
????
proxy for mail and spam checking
Install
????
SNMP admin
CP sysconfig menu
set syslog cplogs
off - Do not send syslogs to Check Point's logs
on - Send system syslogs to Check Point's
logs
VSX set environment
Vpn config
vrrp failover admin
Vrrp config
webui for vsx
create batch jobs
bash
Command
chsh -s /bin/bash []
chsh -s /bin/bash admin
SCP
Command
scp filename host:/home/admin
-> scp ./test.txt 192.168.0.1:/home/admin
scp host:/home/filename /home/admin
-> scp 192.168.0.1:/home/test.txt /home/admin
-P :
-p : preserve , , .
-r : recursive / .
-C : Compression
Backup
Command
Restore
Command
/opt/CPsuite-R77/fw1/bin/upgrade_tools/upgrade_import [filename]
restore
FW MONITOR
Command
TCPDUMP
Command
tcpdump -i eth-s1p1c0 -w trace.pcap
tcpdump -i eth-s1p1c0 -s 320 -vv udp port 520
tcpdump -i eth-s1p1c0 -s 320 -vv proto igrp
tcpdump -i eth-s1p1c0 tcp port 23
tcpdump -i interface host X.X.X.X
tcpdump -i interface host 10.2.3.4 and not port 80
tcpdump -i interface host 10.2.3.4 or host 10.2.3.5
tcpdump -i eth-s1p1c3 vlan 6
tcpdump -i <physical interface> vlan <vlan number> | grep <host IP address>
tcpdump -i eth2c1 vlan 2 | grep 192.168.1.1
tcpdump -s 320 -i eth-s1p1c0
tcpdump -s 1500 -i eth-s1p1c0 -w /var/log/tcpdump_s1p1c0.cap
bash
SCP, ftp .
Default Shell Information : bash
SCP
Backup
$FWDIR /opt/CPsuite-R77/fw1
Local License, Policy, NAT, Topology
gateway
(Web GUI system backup )
Restore
FW MONITOR
tcpdump
TCPDUMP