Contents
1 clish / shells
2 Health and Status
2.1 Clock
2.2 Version info
2.3 CPU stats
2.4 Free Memory
2.5 View Sessions / Connections
2.6 Verify TCP/IP Configuration
2.7 Show Routing Table
2.8 Show route for destination
2.9 Add Route from clish
2.10 Traceroute
2.11 Ping
2.12 ARP Cache
2.13 List Cluster Status
2.14 HA start / stop
2.15 Checking for Failovers in Logs
2.16 View DHCP Leases
2.17 File or database corruption
3 Partitions Full
3.1 Find the largest files and sort them
3.2 View Partitions disk usage
3.3 View Disk Usage by Gigs
3.4 All the files that are Gigs in size
3.5 Delete the oldest logs
4 Interfaces
4.1 Show Interfaces available
4.2 Check Interface Speed / Duplex
4.3 View Interface Errors / Dropped
4.4 Check Interfaces
4.5 Check NIC for Flapping
4.6 Sync Status
4.7 Show status in list form
4.8 Stop Clustering on a specific node
4.9 SIC protocol
4.10 Configuration Utility
4.11 Print the License
4.12 Show VPN Policy Server Status
4.13 Show status of Firewall
4.14 List Check Point Processes
5 OSPF
5.1 Show OSPF
5.2 show interfaces
5.3 show ospf neighbors
5.4 OSPF Events
5.5 Show OSPF errors
5.6 Stop Dynamic Routing Daemon
5.7 Start Dynamic Routing Daemon
6 BGP commands
7 Syslog commands
8 Start/Stop/Restart
8.1 Restart All Services
8.2 Start Firewall Services
8.3 Stop the Firewall
8.4 Stop Firewall services but keeps policy active
8.5 Routing Table
8.6 Block IPS via SmartTracker
8.7 Show Connection Stats
8.8 Show connections with IP instead of HEX
8.9 Show fwx_alloc with IP instead of HEX
8.10 Show VPN Stats
8.11 Check License Details
8.12 Show current value of global kernel parameter
8.13 Show current value of global kernel parameter. Only temp; cleared after reboot
8.14 Show ARP table (static)
8.15 Install hosts internal interfaces
8.16 Control IP Forwarding
8.17 System Resource Stats
8.18 Uninstall hosts internal interfaces
8.19 Export current log file to ascii file
8.20 Fetch security policy and install
8.21 Installs on gateway the last installed policy
8.22 Show Cluster stats
8.23 Display protected hosts
9 LOGS
9.1 Logs don't exist?
9.2 Tail current log file
9.3 Retrieve logs between times
9.4 Rotate Current log file
9.5 Display remote machine log-file list
9.6 FW Monitor
10 Packet Captures
10.1 tcpDump
10.2 Print current Firewall modules
10.3 Print current license details
10.4 Install authentication key onto host
10.5 Long stat list, shows which policies are installed
10.6 Short stat list, shows which policies are installed
10.7 Unload Policy
10.8 Returns version, patch info and kernel info
11 Backup
11.1 Show Configuration
11.2 Copying Packet Captures off the firewall
clish / shells
Some commands are from the regular Unix shell; others are from clish. I'll try to prefix commands that are for the
clish environment with "clish".
clish
Health and Status
Version info
ver
sample output:
checkpoint-gaia> ver
Product version Check Point Gaia R80.20
OS build 1
OS kernel version 2.6.28-92
OS edition 64-bit
CPU stats
cpstat -f cpu os
Free Memory
cpstat -f memory os
free -m
fw ctl pstat
View Sessions / Connections
stats, peak
fw tab -t connections -s
by ip address
fw tab -t connections -f
Show Routing Table
netstat -rn
from clish
Traceroute
Ping
ARP Cache
arp -a
List Cluster Status
cphaprob stat
HA start / stop
cphastart
cphastop
Checking for Failovers in Logs
In SmartView Tracker, right-click the Information column and filter on the word "cluster".
View DHCP Leases
cat /var/lib/dhcpd/dhcpd.leases
File or database corruption
No output is good!
cphash -d -v
Example Output:
Check out - sk105510, get your USB stick ready for an OS reload!
Partitions Full
Find the largest files and sort them
find / -type f -size +10000 -exec ls -lh {} \; 2> /dev/null | awk '{ print $NF ": " $5 }' | sort -nk 2,2
Sample Output:
/proc/kcore: 1.8G
/var/log/opt/CPsuite-R75/fw1/log/2020-01-12_131447_113.log: 2.0G
/var/log/opt/CPsuite-R75/fw1/log/2020-01-12_225954_114.log: 2.0G
/var/log/opt/CPsuite-R75/fw1/log/2020-02-13_062870_115.log: 2.0G
/var/log/opt/CPsuite-R75/fw1/log/2020-01-13_132657_116.log: 2.0G
View Partitions disk usage
df -h
View Disk Usage by Gigs
du -h |grep G
All the files that are Gigs in size
ls -lah |grep G
Interfaces
Show Interfaces available
from clish
show interfaces
Check Interface Speed / Duplex
from clish
ifconfig eth1
Check Interfaces
cphaprob -a if
Check NIC for Flapping
Example of flapping:
Nov 20 00:32:46 hostname kernel: e1000: eth0b: e1000_watchdog_task: NIC Link is Down
Nov 20 00:33:25 hostname kernel: e1000: eth0b: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Nov 20 00:37:48 hostname kernel: e1000: eth0b: e1000_watchdog_task: NIC Link is Down
Nov 20 00:38:27 hostname kernel: e1000: eth0b: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Nov 20 00:42:51 hostname kernel: e1000: eth0b: e1000_watchdog_task: NIC Link is Down
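A way to pick the flapping pattern above out of a large log without reading it by eye, as an added example that is not part of the original page. It assumes the e1000 message layout shown in the sample lines; the function names and the eth1 line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the kernel message
# layout shown above: "... kernel: <driver>: <ifname>: ... NIC Link is Down".

# sample_log: the page's five sample lines plus one constructed eth1 line.
sample_log() {
cat <<'EOF'
Nov 20 00:32:46 hostname kernel: e1000: eth0b: e1000_watchdog_task: NIC Link is Down
Nov 20 00:33:25 hostname kernel: e1000: eth0b: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Nov 20 00:37:48 hostname kernel: e1000: eth0b: e1000_watchdog_task: NIC Link is Down
Nov 20 00:38:27 hostname kernel: e1000: eth0b: e1000_watchdog_task: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
Nov 20 00:42:51 hostname kernel: e1000: eth0b: e1000_watchdog_task: NIC Link is Down
Nov 20 00:45:10 hostname kernel: e1000: eth1: e1000_watchdog_task: NIC Link is Down
EOF
}

# count_link_flaps [THRESHOLD] < logfile
# Prints "<ifname> <down-count> <first down> -> <last down>" for each
# interface with at least THRESHOLD (default 3) link-down events.
count_link_flaps() {
    awk -v min="${1:-3}" '
        /NIC Link is Down/ {
            # Interface name is the second field after "kernel:".
            name = ""
            for (i = 1; i + 2 <= NF; i++)
                if ($i == "kernel:") { name = $(i + 2); break }
            sub(/:$/, "", name)
            if (name == "") next          # unexpected layout, skip the line
            ts = $1 " " $2 " " $3
            if (!(name in first)) first[name] = ts
            last[name] = ts
            down[name]++
        }
        END {
            for (k in down)
                if (down[k] >= min)
                    print k, down[k], first[k], "->", last[k]
        }
    ' | sort
}

# A single link-down (eth1) is not reported; repeated ones (eth0b) are.
sample_log | count_link_flaps 3
```

On the gateway, run it from expert mode against the system log, for example `count_link_flaps 3 < /var/log/messages`.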
Sync Status
cphaprob syncstat
Show status in list form
cphaprob list
Stop Clustering on a specific node
cphastart/stop
SIC protocol
cp_conf sic
Configuration Utility
cpconfig
Print the License
cplic print
cplic print -x
Show status of Firewall
cpstat
List Check Point Processes
cpwd_admin list
OSPF
Show OSPF
from clish
show ospf
show interfaces
--- You can see the status of the interfaces and errors ---
from clish
show ospf neighbors
from clish
OSPF Events
from clish
Show OSPF errors
from clish
Stop Dynamic Routing Daemon
from clish
drouter stop
Start Dynamic Routing Daemon
from clish
drouter start
BGP commands
work in progress
show bgp
show bgp errors
show bgp groups
show bgp memory
show bgp paths
show bgp peer VALUE advertise
show bgp peer VALUE detailed
show bgp peer VALUE received
show bgp peers
show bgp peers detailed
show bgp peers established
show bgp routemap
show bgp stats
show bgp summary
Syslog commands
work in progress
Start/Stop/Restart
Restart All Services
cprestart
Start Firewall Services
cpstart
Stop the Firewall
cpstop
Routing Table
cpstat os -f routing
Block IPS via SmartTracker
fw tab -t sam_blocked_ips
Show Connection Stats
fw tab -t connections -s
Show connections with IP instead of HEX
fw tab -t connections -f
Show fwx_alloc with IP instead of HEX
fw tab -t fwx_alloc -f
Show VPN Stats
fw tab -t userc_users -s
Show current value of global kernel parameter. Only temp; cleared after reboot
Show ARP table (static)
fw ctl arp
Install hosts internal interfaces
fw ctl install
Control IP Forwarding
fw ctl ip_forwarding
System Resource Stats
fw ctl pstat
Uninstall hosts internal interfaces
fw ctl uninstall
Export current log file to ascii file
fw exportlog .o
Fetch security policy and install
fw fetch
Installs on gateway the last installed policy
fw fetch localhost
Show Cluster stats
fw hastat
Display protected hosts
fw lichosts
LOGS
Logs don't exist?
Quickly locate what is causing a drop, regardless of the policy tracking settings:
fw ctl zdebug drop
Tail current log file
fw log -f
Retrieve logs between times
fw log -s -e
FW Monitor
I use host macros here that automatically generate a filter for source and destination IP addresses.
Packet Captures
Example Captures (https://www.firewall.guru/wiki/index.php/Pcap)
tcpDump
By Single IP
nohup tcpdump -W 5 -C 1000 -w Filename.pcap -nni <Interface> host <SOURCE IP> and host <DEST IP> &
Print current Firewall modules
fw printlic -p
Install authentication key onto host
fw putkey
Unload Policy
fw unloadlocal
Returns version, patch info and kernel info
fw ver -k
Backup
Show Configuration
This will create a dump of the current configuration. This is great for making a backup. You can use this to quickly
restore a configuration.
show configuration