Here is a list of SPLAT CLI Commands commands for Checkpoint Secure Platform, that I have compiled from my studies, checkpoint documents, and places around the web. This is by no means an exhaustive or comprehensive list, but is rather meant to be a command line KB of sorts – mainly for my quick reference. The list is split into CP and FW commands. If the list proves useful to you, please feel free to share the link with others. Also, if you see any typo’s with anything, feel free to let me know!
| CLI Command | Command Description |
|---|---|
| cp_conf [argument] | Configure/reconfigure a Security Gateway installation |
| cpconfig | Used to configure an installed Check Point product |
| cpinfo | Collects data on a customer’s machine at the time of execution |
| cplic [argument] | Used for Check Point license management |
| cpstart | Start all Check Point processes and applications running on a machine |
| cpstop | Stop all Check Point processes and applications running on a machine |
| cphastart | Activates ClusterXL on the member, but does not initiate full sync Note: ‘cpstart’ is the recommended way to start a cluster member |
| cphastop | Stops the cluster member from passing traffic. State sync also stops Note: In HA Legacy mode, ‘cphastop’ may cause the entire cluster to stop |
| cphaprob [argument] | verifies cluster and cluster members are working properly |
| cphaprob state | View the state of a cluster member & other members of the cluster |
| cphaprob -a if | View the state of cluster member interfaces & virtual cluster interfaces |
| cppkg add | Add a product package to the product repository Only SmartUpdate packages can be added to the product repository |
| cppkg delete | Delete a product package from the repository using various options Usage: cppkg delete [<vendor> <product> <version> <os> [sp]] Use cppkg print to see options |
| cppkg get | Synchronizes the pkg repository db w/ the actual pkg repository under $SUROOT |
| cppkg print | List the contents of the product repository |
| cppkg get root | Identifies the location of the product repository |
| cppkg set root | Create a new repository root directory location, and to move existing product packages into the new repository |
| CLI Command | Command Description |
|---|---|
| fw ctl | The fw ctl command controls the Firewall kernel module |
| fw ctl debug | Generate debug messages to a buffer |
| fw ctl sdstat | Measure percentage of CPU consumed by each IPS protection |
| fw fetch <manager ip> | Fetches current policy held on specified firewall manager |
| fw hastat | Displays info about HA machines & their states |
| fw log | Displays the content of log files |
| fw log -c drop | search active connection log for drop/accept/reject packets |
| fw log -f | Monitor logs real-time performing a “tail” on the active log |
| fw logswitch | Log rotate utility for local log rotation |
| fw lslogs | Shows a list of log files stored locally on the firewall |
| fw monitor | Built-in firewall packet capture tool – More on fw monitor HERE |
| fw stat | Displays the content of state tables on target hosts in various formats |
| fw stat -l | Show which policy is associated with which interface & drop/accept/reject |
| fw unloadlocal | Unloads the local/initial policy |
| fw ver | Display the Security Gateway major & minor version, & build #’s 1. [-k] Print the version name & Kernel module build #’s 2. [-f] <filename> Prints the version & build #’s to file |
| CLI Command | Command Description |
|---|---|
| vpn crlview | Retrieve the Certificate Revocation List (CRL) comes in 3 flavors: 1. vpn crlview -obj <object name> -cert <certificate name> 2. vpn crlview -f <filename> 3. vpn crlview -view |
| vpn debug | Instructs VPN daemon to write debug msg’s to $FWDIR/log/vpnd.elg |
| vpn tu | Launch the TunnelUtil tool which is used to control VPN tunnels |
| vpn ver | Display the VPN major version & build #’s 1. [-k] Display the VPN major version, build, & kernel #’s 2. [-f] <filename> Prints the version & build #’s to file |
Leave a Reply