
Check Point commands generally come under cp (general), fw (firewall), and fwm (management).

CP, FW & FWM


cphaprob stat

List cluster status

cphaprob -a if

List status of interfaces

cphaprob syncstat

shows the sync status

cphaprob list

Shows a status in list form

cphastart/stop

Stops clustering on the specific node

cp_conf sic

SIC stuff

cpconfig

config util

cplic print

prints the license

cprestart

Restarts all Check Point Services

cpstart

Starts all Check Point Services

cpstop

Stops all Check Point Services

cpstop -fwflag -proc

Stops all checkpoint Services but keeps policy active in kernel

cpview

CPU,

cpwd_admin list

List checkpoint processes

cplic print

Print all the licensing information.

cpstat -f all polsrv

Show VPN Policy Server Stats

cpstat

Shows the status of the firewall

cpstat -f policy fw

fw tab -t sam_blocked_ips

Block IPS via SmartTracker

fw tab -t connections -s

Show connection stats

fw tab -t connections -f

Show connections with IP instead of HEX

fw tab -t fwx_alloc -f

Show fwx_alloc with IP instead of HEX

fw tab -t peers_count -s

Shows VPN stats

fw tab -t userc_users -s

Shows VPN stats

fw checklic

Check license details

fw ctl get int [global kernel parameter]

Shows the current value of a global kernel parameter

fw ctl set int [global kernel parameter] [value]

Sets the current value of a global kernel parameter. Temporary only; cleared after reboot.

fw ctl arp

Shows arp table

fw ctl install

Install hosts internal interfaces

fw ctl ip_forwarding

Control IP forwarding

fw ctl pstat

System Resource stats

fw ctl uninstall

Uninstall hosts internal interfaces

fw exportlog -o

Export current log file to ascii file

fw fetch

Fetch security policy and install

fw fetch localhost

Installs (on gateway) the last installed policy.

fw hastat

Shows Cluster statistics

fw lichosts

Display protected hosts

fw log -f

Tail the current log file

fw log -s -e

Retrieve logs between times

fw logswitch

Rotate current log file

fw lslogs

Display remote machine log-file list

fw monitor

Packet sniffer

fw printlic -p

Print current Firewall modules

fw printlic

Print current license details

fw putkey

Install authentication key onto host

fw stat -l

Long stat list, shows which policies are installed

fw stat -s

Short stat list, shows which policies are installed

fw unloadlocal

Unload policy

fw ver -k

Returns version, patch info and Kernel info

fwstart

Starts the firewall

fwstop

Stop the firewall

fwm lock_admin -v

View locked admin accounts

fwm dbexport -f user.txt

Used to export users; can also use dbimport

fwm_start

starts the management processes

fwm -p

Print a list of Admin users

fwm -a

Adds an Admin

fwm -r

Delete an administrator

Provider 1
mdsenv [cma name]

Sets the mds environment

mcd

Changes your directory to that of the environment.

mds_setup

To setup MDS Servers

mdsconfig

Alternative to cpconfig for MDS servers

mdsstat

To see the processes status

mdsstart_customer [cma name]

To start cma

mdsstop_customer [cma name]

To stop cma

cma_migrate

To migrate a Smart center server to CMA

cmamigrate_assist

If you don't want to go through the pain of tar/zip/ftp and if you wish to enable FTP on Smart center server

VPN
vpn tu

VPN utility, allows you to rekey vpn

vpn ipafile_check ipassignment.conf detail

Verifies the ipassignment.conf file

dtps lic

show desktop policy license status

cpstat -f all polsrv

show status of the dtps

vpn shell /tunnels/delete/IKE/peer/[peer ip]

delete IKE SA

vpn shell /tunnels/delete/IPsec/peer/[peer ip]

delete Phase 2 SA

vpn shell /show/tunnels/ike/peer/[peer ip]

show IKE SA

vpn shell /show/tunnels/ipsec/peer/[peer ip]

show Phase 2 SA

vpn shell show interface detailed [VTI name]

show VTI detail

Debugging
fw ctl zdebug drop

shows dropped packets in realtime / gives reason for drop

SPLAT Only
router

Enters router mode for use on Secure Platform Pro for advanced routing options

patch add cd

Allows you to mount an iso and upgrade your checkpoint software (SPLAT Only)

backup

Allows you to perform a system operating system backup

restore

Allows you to restore your backup

snapshot

Performs a system backup which includes all Check Point binaries. Note: This issues a cpstop.

VSX
vsx get [vsys name/id]

get the current context

vsx set [vsys name/id]

set your context

fw -vs [vsys id] getifs

show the interfaces for a virtual device

fw vsx stat -l

shows a list of the virtual devices and installed policies

fw vsx stat -v

shows a list of the virtual devices and installed policies (verbose)

reset_gw

resets the gateway, clearing all previous virtual devices and settings.

Useful CP Commands

Command | Description
cpconfig | change SIC, licenses and more
cphaprob ldstat | display sync serialization statistics
cphaprob stat | list the state of the high availability cluster members. Should show active and standby devices.
cphaprob syncstat | display sync transport layer statistics
cphastop | stop a cluster member from passing traffic. Stops synchronization. (emergency only)
cplic print | license information
cpstart | start all checkpoint services
cpstat fw | show policy name, policy install time and interface table
cpstat ha | high availability state
cpstat os -f all | checkpoint interface table, routing table, version, memory status, cpu load, disk space
cpstat os -f cpu | checkpoint cpu status
cpstat os -f routing | checkpoint routing table
cpstop | stop all checkpoint services
cpwd_admin monitor_list | list processes actively monitored. Firewall should contain cpd and vpnd.

Table 1. Useful CP Commands

Useful FW Commands

Command | Description
fw ctl iflist | show interface names
fw ctl pstat | show control kernel memory and connections
fw exportlog -o | export the current log file to ascii
fw fetch <manager IP> | get the policy from the firewall manager
fw log | show the content of the connections log
fw log -b <MMM DD, YYYY HH:MM:SS> <MMM DD, YYYY HH:MM:SS> | search the current log for activity between specific times, eg
fw log -c drop | search for dropped packets in the active log; also can use accept or reject to search
fw log -f | tail the current log
fwm logexport -i <log name> -o <output name> | export an old log file on the firewall manager
fw logswitch | rotate logs
fw lslogs | list firewall logs
fw stat | firewall status, should contain the name of the policy and the relevant interfaces.
fw stat -l | show which policy is associated with which interface and packet drop, accept and reject
fw tab | displays firewall tables
fw tab -s -t connections | number of connections in state table
fw tab -t xlate -x | clear all translated entries
fw unloadlocal | clear local firewall policy
fw ver | firewall version

Table 2. Useful FW Commands

fw monitor -e 'accept (src=10.1.1.1 and dst=20.2.2.2) or (src=20.2.2.2 and dst=10.1.1.1);' -m iIoO -o wireshark.pcap
tcpdump -w capture.pcap -i eth-s1p2c0 host 10.1.1.1 and host 20.2.2.2
tcpdump -nni any host 10.1.1.1 -w capture.pcap
tcpdump -nni any host 10.1.1.1 and host 20.2.2.2 -w capture.pcap

[Expert@fw]# fw monitor -e "src=192.168.1.100 or dst=192.168.1.100, accept;"

FW MONITOR Examples

fw monitor -e 'accept host(192.168.1.12);'
[Show packets with IP 192.168.1.12 as SRC or DST]

fw monitor -e 'accept src=192.168.1.12 and dst=192.168.3.3;'
[Show all packets from 192.168.1.12 to 192.168.3.3]

fw monitor -pi ipopt_strip -e 'accept udpport(53);'
[Show UDP port 53 (DNS) packets, pre-in position is before 'ipopt_strip']

fw monitor -m O -e 'accept udp and (sport>1023 or dport>1023);'
[Show UDP traffic from or to unprivileged ports, only show post-out]

fw monitor -e 'accept host(192.168.1.12) and tracert;'
[Show Windows traceroute (ICMP, TTL<30) from and to 192.168.1.12]

fw monitor -v 23 -e 'accept tcpport(80);'
[Capture web traffic for VSX virtual system ID 23]

fw monitor -e 'accept ip_p=50 and ifid=0;'
[Show all ESP (IP protocol 50) packets on the interface with the ID 0. List interfaces and corresponding IDs with fw ctl iflist]

srfw monitor -o output_file.cap
[Write traffic on a SecuRemote/SecureClient client into a file. srfw.exe is in $SRDIR/bin (C:\Program Files\CheckPoint\SecuRemote\bin)]

fw monitor -m iIoO -e 'accept dst=172.31.10.100;' | grep ICMP
[This is a standard fw monitor on the destination, grepping for ICMP (ICMP in capitals is important here, as the output is in capitals)]

fw monitor -e 'accept ip_p=1;' -o ping.cap

fw monitor -m iIoO -e 'accept (src=10.0.1.30 and dst=4.2.2.2) and [9:1]=1;' -o output.cap

fw monitor -m iIoO -e 'accept src=10.0.1.30 or dst=10.0.1.30 and [9:1]=1;' -o output.cap

fw monitor -m iIoO -e 'accept (src=10.0.1.30 or dst=10.0.1.30) and not (sport=443 or dport=443);' -o output.cap
[Open this file in Wireshark]

fw monitor -m iIoO -e 'accept (src=10.0.1.30 or dst=10.0.1.30);'
[This is a good fw monitor to run which will just output to the CPShell. The -m iIoO just means: monitor pre-(i)nbound, post-(I)nbound, pre-(o)utbound and post-(O)utbound interfaces]


chsh -s /bin/bash admin
scp /var/log/dlp_mon_141113_1.cap admin@150.2.31.74:/home/admin/

fw monitor -e "src=150.3.18.155 or dst=150.3.18.155, accept;" -o /var/log/fw_mon_141113_155.cap

fw monitor -e "src=150.3.18.155 or dst=150.3.18.155, accept;" -o /var/log/dlp_mon_141113_155.cap

fw monitor -e "src=150.3.18.221 or dst=150.3.18.221, accept;"


fw monitor -e "src=150.3.18.155 or dst=150.3.18.155, accept;"


VARIOUS HEALTH RELATED COMMANDS

Command                                   Description
swapinfo
cpstat os -f cpu                          ** CPU Usage **
cpstat os -f memory                       ** Memory Usage **
clish
show useful-stats                         ** Memory Usage % **
vmstat 2                                  ** free mem and cpu **
fw tab -s -t connections                  ** Checks current/max connections **
fw tab -t fwx_alloc -s                    ** Shows Translation Table Connections **
netstat -i                                ** Check for interface errors/collisions **
ipsctl -a | grep eth-s3p1:errors          ** detailed interface errors **
ps -aux                                   ** Show processes **
cp_conf sic state                         ** Check SIC **
ckp_regedit -p SOFTWARE/CHECKPOINT/SIC    ** !ckp **
grep -i icaip $CPDIR/registry/HKLM_*      ** find CMA IP **
ipsctl -a | grep capabilities             ** Check Int Capabilities **
ipsctl -i                                 ** Menu with all hardware **
CHECK SERIAL NUMBER
cat /var/etc/.nvram
fw ctl zdebug drop | grep 1414
CHECK IF DISKLESS
dmesg | grep flash
system is flash-based, running in diskless mode
REBOOT
sync;sync;reboot
RESTART FWD
#precheck
date; grep "ipsrd:instance:default:vrrp:nomonitorfw t" /config/active; echo sh vrrp | iclid; netstat -an | grep 257; ps aux | grep fwd; swapinfo;
#restart
$CPDIR/bin/cpwd_admin stop -name FWD -path $FWDIR/bin/fw -command "fw kill fwd"; sleep 1; ps aux | grep fwd;
$CPDIR/bin/cpwd_admin start -name FWD -path $FWDIR/bin/fwd -command "fwd"
#post-check
echo sh vrrp | iclid; date; ps aux | grep fwd; netstat -an | grep 257; swapinfo;
SAVE VOYAGER
clish
save config
exit
dbset :save
ROUTES AND ARPPROXY
echo sh route | iclid
clish -s -c "set static-route [route]/[mask] nexthop gateway address [gateway] on"
clish -s -c "add arpproxy address [address] macaddress 0:0:0:0:0:0"
arpproxy is needed when it is part of a directly connected network
clear arp table
clish
delete arp dynamic all
(doesn't delete proxy arps)
ENABLING INTERFACE & VRRP (Simplified mode)
clish -s -c "set interface eth-s4p1 active on"
clish -s -c "set interface eth-s4p1 link_trap on"
clish -s -c "set interface eth-s4p1 auto-advertise off"
clish -s -c "set interface eth-s4p1c0 enable"
clish -s -c "add interface eth-s4p1c0 address x.x.x.x/xx"
clish -s -c "set interface eth-s4p1 speed 100M duplex full"
clish -s -c "add mcvr vrid <1-255> backup-address <vip>"
save config
exit

BOUNCE INTERFACE (SPLAT)
ifconfig eth-s4p3c0 down
ifconfig eth-s4p3c0 up
BOUNCE INTERFACE (IPSO)
ifdown eth-s4p3c0
ifup eth-s4p3c0
VPN Troubleshooting
Local enc domain
fw tab -t vpn_enc_domain_valid -f -u
Remote enc domain
fw tab -t vpn_routing -f -u | grep 10.1.6014:43
SPLAT
Add Route:
route add -net 123.45.44.0 netmask 255.255.255.0 gw 123.45.56.1
route --save
Preferred method is using cos_config, as the save parameter for route may not exist on some systems.
Check Route (SPLAT):
ip route get xx.xx.xx.xx
Proxy Arp on SPLAT
arp -s <Static_NAT_ip_addr> <interface mac address> pub
**NOTE: This should also be added to the startup script /etc/rc.local on both firewalls if this is an HA cluster (remember to use the physical mac address of the interface you are proxy arping on, not the cluster mac)
$FWDIR/conf/local.arp
Check to see if device is diskless
ipsctl kern:diskless
Fix IP265 if stuck at #
fsck -fyb 32
mkdir /var/emhome/admin
cp /etc/skel/* /var/emhome/admin
Identify switch
tcpdump -n -i eth-s4p4c2 -s 1500 -w - -c 1 ether dst 1:0:c:cc:cc:cc and greater 75 | strings -3a


Expert | Feature or Extended or Base | category | Description
ifconfig | extended | UNIX | Networking
netstat | extended | UNIX | Networking
top | extended | UNIX | Show OS processes
ping | extended/feature | Networking | Networking
message | feature | GAIA environment | msg of the day
sysenv | feature | GAIA environment | cli environment for tabs, lines, columns
domainname | feature | Networking | Networking
interface | feature | Networking | Networking
interfaces | feature | Networking | Networking
route | feature | Networking | routing
allowed-client | feature | Platform admin | Client that can connect to platform
clock | feature | Platform admin | time
date | feature | Platform admin | time
edition | feature | Platform admin | version of OS
host | feature | Platform admin | host name
hostname | feature | Platform admin | host name
hw-monitor | feature | Platform admin | ????
inactivity-timeout | feature | Platform admin | session timeout
lcd | feature | Platform admin | For appliances, the front panel LCD admin
time | feature | Platform admin | Time admin
timezone | feature | Platform admin | Timezone admin
version | feature | Platform admin | version of system
cd | feature | UNIX | change directory
uptime | feature | UNIX | how much time has system been up
cat | extended | UNIX | print file
clienv | feature | GAIA environment | GAIA environment
format | feature | GAIA environment | date, net, time formats
tag | feature | GAIA environment | cli environment to create comment tags
backup | feature | Platform admin | backup system
backups | feature | Platform admin | list backups
backup-scheduled | feature | Platform admin | build backup schedule
selfpasswd | feature | Platform admin | change current password
snapshot | feature | Platform admin | Take an image of the system
snapshots | feature | Platform admin | Show system images
history | base | GAIA commands | history of commands
lock | base | GAIA commands | lock database override to get control of GAIA config database
quit | base | GAIA commands | exit GAIA
rollback | base | GAIA commands | rollback a GAIA batch transaction
save | base | GAIA commands | config or client environment
exit | base | GAIA environment | exit out of GAIA
expert | base | GAIA environment | go into SPLAT mode
help | base | GAIA environment |
halt | base | Platform admin | stop OS
reboot | base | Platform admin | reboot OS
upgrade cd | base | Platform admin | patch upgrade via cd
upgrade local VALUE | base | Platform admin | upgrades
ver | base | Platform admin | version of system
fips | extended | ??? | ???
config_system | extended | GAIA commands | load file to config system
ping6 | extended | Networking | Networking
cpshared_ver | extended | Platform admin | Print out description of cpshared version, doesn't seem to work, only in SPLAT
diag | extended | Platform admin | Send system diagnostics information to tftp
patch | extended | Platform admin | install patch
raid_diagnostic | extended | Platform admin | RAID info
raidconfig | extended | Platform admin | RAID info
cp_conf | extended | Platform Subsystem | cp specific commands
cpca | extended | Platform Subsystem | certificate authority
cpca_client | extended | Platform Subsystem | certificate authority admin
cpca_create | extended | Platform Subsystem | certificate authority admin
cpca_dbutil | extended | Platform Subsystem | certificate authority admin
cpconfig | extended | Platform Subsystem | configure platform with cpconfig
cphaprob | extended | Platform Subsystem | change HA status
cphastart | extended | Platform Subsystem | start HA
cphastop | extended | Platform Subsystem | stop HA
cpinfo | extended | Platform Subsystem | generate cpinfo information
cplic | extended | Platform Subsystem | check license
cpstart | extended | Platform Subsystem | start firewall
cpstat | extended | Platform Subsystem | check firewall status
cpstop | extended | Platform Subsystem | stop firewall
cpwd_admin | extended | Platform Subsystem | watchdog admin for cp processes
dtps | extended | Platform Subsystem | client VPN policy server admin
etmstart | extended | Platform Subsystem | qos
etmstop | extended | Platform Subsystem | qos
fgate | extended | Platform Subsystem | floodgate
fw | extended | Platform Subsystem | checkpoint cmds
fwaccel | extended | Platform Subsystem | checkpoint cmds
fwm | extended | Platform Subsystem | checkpoint cmds
ips | extended | Platform Subsystem | Intrusion Prevention System admin
LSMcli | extended | Platform Subsystem | provisioning
LSMenabler | extended | Platform Subsystem | provisioning
rtm | extended | Platform Subsystem | SmartMonitor admin
rtmstart | extended | Platform Subsystem | SmartMonitor admin
rtmstop | extended | Platform Subsystem | SmartMonitor admin
rtmtopsvc | extended | Platform Subsystem | SmartMonitor admin
sim | extended | Platform Subsystem | SecureXL admin
SnortConvertor | extended | Platform Subsystem | Convert logs for Snort to read
vpn | extended | Platform Subsystem | vpn admin
vsx_util | extended | Platform Subsystem | mgt server vsx admin
traceroute | extended | UNIX | Unix traceroute
scratchpad | feature | ??? | ????
auditlog | feature | ???? | ????
ftw | feature | ???? | ????
logging | feature | ???? | ????
database | feature | ????? | ?????
slot | feature | ????? | ?????
aggregate | feature | Dynamic routing admin | Dynamic routing admin
as | feature | Dynamic routing admin | Dynamic routing admin
bgp | feature | Dynamic routing admin | Dynamic routing admin
igmp | feature | Dynamic routing admin | Dynamic routing admin
instance | feature | Dynamic routing admin | ??????
kernel-routes | feature | Dynamic routing admin | Dynamic routing admin
max-path-splits | feature | Dynamic routing admin | Dynamic routing admin
mcvr | feature | Dynamic routing admin | Dynamic routing admin
mfc | feature | Dynamic routing admin | Dynamic routing admin
neighbor | feature | Dynamic routing admin | Dynamic routing admin
neighbor-entry | feature | Dynamic routing admin | Dynamic routing admin
ospf | feature | Dynamic routing admin | Dynamic routing admin
pbr | feature | Dynamic routing admin | policy based routing
pbr-combine-static | feature | Dynamic routing admin | ????
pbr-routing-group | feature | Dynamic routing admin | ????
pim | feature | Dynamic routing admin | Dynamic routing admin
pppoe | feature | Dynamic routing admin | Dynamic routing admin
protocol-rank | feature | Dynamic routing admin | Dynamic routing admin
rdisc | feature | Dynamic routing admin | Dynamic routing admin
rip | feature | Dynamic routing admin | Dynamic routing admin
routed | feature | Dynamic routing admin | Dynamic routing admin
route-injection | feature | Dynamic routing admin | ?????
routemap | feature | Dynamic routing admin | Dynamic routing admin
routemaps | feature | Dynamic routing admin | Dynamic routing admin
router-id | feature | Dynamic routing admin | Dynamic routing admin
router-options | feature | Dynamic routing admin | Dynamic routing admin
show-route-all | feature | Dynamic routing admin | ?????
trace | feature | Dynamic routing admin | Debug dynamic routing
tracefile | feature | Dynamic routing admin | Debug dynamic routing
command | feature | GAIA commands | GAIA commands
commands | feature | GAIA commands | GAIA commands
config | feature | GAIA commands | GAIA command configuration
config-lock | feature | GAIA commands | get config lock
config-state | feature | GAIA commands | show if commands saved
configuration | feature | GAIA commands | load config file with config commands
extended | feature | GAIA commands | show extended commands
start | feature | GAIA commands | start batch GAIA commands
transaction | feature | GAIA commands | batch transactions
arp | feature | Networking | manual arp
bonding | feature | Networking | Networking
bootp | feature | Networking | Networking
bridging | feature | Networking | Networking
default-route | feature | Networking | Networking
dhcp | feature | Networking | Networking
dns | feature | Networking | Networking
interface-group | feature | Networking | ?????
iphelper | feature | Networking | Networking
ipv6 | feature | Networking | dynamic routing
ipv6-state | feature | Networking | Dynamic routing admin
management | feature | Networking | set mgt interface
net-access | feature | Networking | telnet access
nexthop-selection | feature | Networking | Networking
static6 | feature | Networking | IPv6 static route
static-mroute | feature | Networking | Networking multicast route????
static-route | feature | Networking | routing
aaa-servers | feature | Platform admin | authentication
download | feature | Platform admin | installing files
expert-password | feature | Platform admin | set expert password
fcd | feature | Platform admin | set fcd revert - possibly a snapshot revert?
group | feature | Platform admin | GAIA groups of users
groups | feature | Platform admin | GAIA groups of users
import | feature | Platform admin | Install files
inactto | feature | Platform admin | Install files
install | feature | Platform admin | Install
installer | feature | Platform admin | Install
installer_mail | feature | Platform admin | Install files
installer_policy | feature | Platform admin | Install files
local | feature | Platform admin | upgrade
logicalvolume | feature | Platform admin | change volume info???
mail-notification | feature | Platform admin | email notices
maintenance-group | feature | Platform admin | ???
manage-image | feature | Platform admin | ????
mgmtAdmin | feature | Platform admin | ????
mgmt-gui-clients | feature | Platform admin | ????
ntp | feature | Platform admin | time NTP
password-controls | feature | Platform admin | set password complexity
prod-maintain | feature | Platform admin | ????
rba | feature | Platform admin | role based admin
revert | feature | Platform admin | Revert GAIA configuration database back to ???
security-access-group | feature | Platform admin | ????
software-updates-group | feature | Platform admin | Update new software???
ssmtp | feature | Platform admin | ?????
stop | feature | Platform admin | install
system-group | feature | Platform admin | ????
tacacs_enable | feature | Platform admin | Enable TACACS authentication
uninstall | feature | Platform admin | install
upgrade | feature | Platform admin | install
user | feature | Platform admin | cli users
users | feature | Platform admin | cli users
volume | feature | Platform admin | move space to/from backup volume
web | feature | Platform admin | WebUI params
adv-vrrp | feature | Platform Subsystem | VRRP admin
blades | feature | Platform Subsystem | ????
certificate_authority | feature | Platform Subsystem | Cert admin???
cluster_ha | feature | Platform Subsystem | HA admin????
high-avail-group | feature | Platform Subsystem | HA admin????
license_activation | feature | Platform Subsystem | ????
proxy | feature | Platform Subsystem | proxy for mail and spam checking
restore_policy | feature | Platform Subsystem | Install
smart-console | feature | Platform Subsystem | ????
snmp | feature | Platform Subsystem | SNMP admin
sysconfig | feature | Platform Subsystem | CP sysconfig menu
syslog | feature | Platform Subsystem | set syslog cplogs: off - Do not send syslogs to Check Point's logs; on - Send system syslogs to Check Point's logs
virtual-system | feature | Platform Subsystem | VSX set environment
vpnt | feature | Platform Subsystem | Vpn config
vrrp | feature | Platform Subsystem | vrrp failover admin
vrrp6 | feature | Platform Subsystem | Vrrp config
vsx | feature | Platform Subsystem | webui for vsx
cron | feature | UNIX | create batch jobs

bash

SCP, ftp .
Default Shell Information : bash

Command
chsh -s /bin/bash []
chsh -s /bin/bash admin

SCP

Command
Local Host (Upload)
scp filename host:/home/admin
-> scp ./test.txt 192.168.0.1:/home/admin
Local Host (Download)
scp host:/home/filename /home/admin
-> scp 192.168.0.1:/home/test.txt /home/admin

-P :
-p : preserve , , .
-r : recursive / .
-C : Compression

Backup

$FWDIR /opt/CPsuite-R77/fw1
Local License, Policy, NAT, Topology
gateway
(Web GUI system backup )

Command
cd $FWDIR -> /opt/CPsuite-R77/fw1
/opt/CPsuite-R77/fw1/bin/upgrade_tools/upgrade_export [filename]
backup
-> Are you sure you want to proceed (y/n) [y]? Y

Restore

Command
/opt/CPsuite-R77/fw1/bin/upgrade_tools/upgrade_import [filename]
restore

FW MONITOR

Command
fw monitor -e "accept;" -o fwmonitor_dlp1_standby.pcap

-i gateway
-I gateway
-o gateway
-O gateway

TCPDUMP

Command
tcpdump eth-slp1c0 trace.pcap .
tcpdump -i eth-s1p1c0 -w trace.pcap

The following will show all RIP traffic on the network attached to eth-s1p1c0. RIP runs over UDP port 520.
tcpdump -i eth-s1p1c0 -s 320 -vv udp port 520

The following will show all IGRP traffic on the network connected to eth-s1p1c0.
tcpdump -i eth-s1p1c0 -s 320 -vv proto igrp

The following will show all telnet traffic on the network connected to eth-s1p1c0.
tcpdump -i eth-s1p1c0 tcp port 23

Filtering for a specific host
tcpdump -i interface host X.X.X.X

For example, to capture packets on eth1c0 that are to host 10.2.3.4 and NOT to port 80
tcpdump -i interface host 10.2.3.4 and not port 80

To capture packets on eth1c0 that are to host 10.2.3.4 or 10.3.2.5:
tcpdump -i interface host 10.2.3.4 or host 10.2.3.5

If your ethernet interfaces are configured with VLANs, and you're using IPSO 3.6 and later, you can filter with tcpdump, based on vlans, by passing "vlan n" as an argument (where n is the VLAN number).
tcpdump -i eth-s1p1c3 vlan 6

To use tcpdump to filter on a virtual (i.e., vlan) interface, use the command
tcpdump -i <physical interface> vlan <vlan number> | grep <host IP address>
tcpdump -i eth2c1 vlan 2 | grep 192.168.1.1

Limit the size (in bytes) of captured packets (by default, only headers are captured)
tcpdump -s 320 -i eth-s1p1c0

Save the captured traffic into a file (for later deeper analysis in WireShark)
tcpdump -s 1500 -i eth-s1p1c0 -w /var/log/tcpdump_s1p1c0.cap
