(htps/:www‷㠶

.r3netc.om)

Home (/)  Articles (/Articles.html)  Firewalls  Check Point (/Firewalls/Check-Point/)  Check Point Commands

Check Point Commands

Written on 27 August 2008. Posted in Check Point (/Firewalls/Check-Point/)

Check Point commands generally come under cp (general), fw (‷㠶rewall), and fwm (management).

CP, FW & FWM

cphaprob stat List cluster status
cphaprob -a if List status of interfaces
cphaprob syncstat shows the sync status
cphaprob list Shows a status in list form
cphastart/stop Stops clustering on the spec‷㠶c node
cp_conf sic SIC stuꙠ
cpcon‷㠶g con‷㠶g util
cplic print prints the license
cprestart Restarts all Check Point Services
cpstart Starts all Check Point Services
cpstop Stops all Check Point Services
cpstop -fw㈹〳ag -proc Stops all checkpoint Services but keeps policy active in kernel
cpwd_admin list List checkpoint processes
cplic print Print all the licensing information.
cpstat -f all polsrv Show VPN Policy Server Stats
cpstat Shows the status of the ‷㠶rewall

fw tab -t sam_blocked_ips Block IPS via SmartTracker

fw tab -t connections -s Show connection stats

fw tab -t connections -f Show connections with IP instead of HEX
fw tab -t fwx_alloc -f Show fwx_alloc with IP instead of HEX
fw tab -t peers_count -s Shows VPN stats
fw tab -t userc_users -s Shows VPN stats
fw checklic Check license details
fw ctl get int [global kernel parameter] Shows the current value of a global kernel parameter
fw ctl set int [global kernel parameter] [value] Sets the current value of a global keneral parameter. Only
Temp ; Cleared after reboot.
fw ctl arp Shows arp table
fw ctl install Install hosts internal interfaces
fw ctl ip_forwarding Control IP forwarding
fw ctl pstat System Resource stats
fw ctl uninstall Uninstall hosts internal interfaces
fw exportlog .o Export current log ‷㠶le to ascii ‷㠶le
fw fetch Fetch security policy and install
fw fetch localhost Installs (on gateway) the last installed policy.
fw hastat Shows Cluster statistics
fw lichosts Display protected hosts
fw log -f Tail the current log ‷㠶le
fw log -s -e Retrieve logs between times
fw logswitch Rotate current log ‷㠶le
fw lslogs Display remote machine log-‷㠶le list
fw monitor Packet sniꙠer
fw printlic -p Print current Firewall modules
fw printlic Print current license details
fw putkey Install authenication key onto host
fw stat -l Long stat list, shows which policies are installed
fw stat -s Short stat list, shows which policies are installed
fw unloadlocal Unload policy
fw ver -k Returns version, patch info and Kernal info
fwstart Starts the ‷㠶rewall
fwstop Stop the ‷㠶rewall

fwm lock_admin -v View locked admin accounts

fwm dbexport -f user.txt used to export users , can also use dbimport
fwm_start starts the management processes
fwm -p Print a list of Admin users
fwm -a Adds an Admin
fwm -r Delete an administrator

PROVIDER 1
mdsenv [cma name] Sets the mds environment
mcd Changes your directory to that of the environment.
mds_setup To setup MDS Servers
mdscon‷㠶g Alternative to cpcon‷㠶g for MDS servers
mdsstat To see the processes status
mdsstart_customer [cma name] To start cma
mdsstop_customer [cma name] To stop cma
cma_migrate To migrate an Smart center server to CMA
cmamigrate_assist If you dont want to go through the pain of tar/zip/ftp and if
you wish to enable FTP on Smart center server

VPN
vpn tu VPN utility, allows you to rekey vpn
vpn ipa‷㠶le_check ipassignment.conf detail Veri‷㠶es the ipassignment.conf
(/Firewalls/Checkpoint/con‷㠶guring-per-ip-assignment-using-
ipassignmentconf-in-checkpoint.html)‷㠶le
dtps lic show desktop policy license status
cpstat -f all polsrv show status of the dtps
vpn shell /tunnels/delete/IKE/peer/[peer ip] delete IKE SA
vpn shell /tunnels/delete/IPsec/peer/[peer ip] delete Phase 2 SA
vpn shell /show/tunnels/ike/peer/[peer ip] show IKE SA
vpn shell /show/tunnels/ipsec/peer/[peer ip] show Phase 2 SA
vpn shell show interface detailed [VTI name] show VTI detail

DEBUGGING
fw ctl zdebug drop shows dropped packets in realtime / gives reason for drop

SPLAT ONLY
router Enters router mode for use on Secure Platform Pro for
advanced routing options
patch add cd Allows you to mount an iso (/UNIX-/-Linux/General-UNIX/unix-
how-to-mount-an-iso-image.html) and upgrade your
checkpoint software (SPLAT Only)
backup Allows you to preform a system operating system backup
restore Allows you to restore your backup
snapshot Performs a system backup which includes all Check Point
binaries. Note : This issues a cpstop.

VSX
vsx get [vsys name/id] get the current context
vsx set [vsys name/id] set your context
fw -vs [vsys id] getifs show the interfaces for a virtual device
fw vsx stat -l shows a list of the virtual devices and installed policies
fw vsx stat -v shows a list of the virtual devices and installed policies
(verbose)
reset_gw resets the gateway, clearing all previous virtual devices and
settings.

0 Comments fir3net.com 
1  Login

  Recommend  2 ⤤ Share Sort by Newest

Start the discussion…

Be the first to comment.

ALSO ON FIR3NET.COM WHAT'S THIS?

What is Auto­Scaling? How do I use AJAX along side Django ? | Django | Web
1 comment • 4 months ago Development | Miscellaneous
6 comments • 10 months ago

Python ­ Lottery Number Generator | Python | VI shows the error Terminal too wide within Solaris
Programming | Miscellaneous 3 comments • 10 months ago
1 comment • 10 months ago

✉ Subscribe d Add Disqus to your site ὑ Privacy

back to top