curiousecurity

Yet another blog about info & networking security this and that… Buzzword… Catchphrase…

  • Posts
  • About
  • Career
  • Education
  • Contact
  • LinkedIn
  • GitHub
  • Email
You are here: Home / Firewall / Check Point Firewall – SPLAT CLI Commands

Check Point Firewall – SPLAT CLI Commands

December 14, 2011 by ryanhorst Leave a Comment

Here is a list of SPLAT CLI Commands commands for Checkpoint Secure Platform, that I have compiled from my studies, checkpoint documents, and places around the web. This is by no means an exhaustive or comprehensive list, but is rather meant to be a command line KB of sorts – mainly for my quick reference. The list is split into CP and FW commands. If the list proves useful to you, please feel free to share the link with others. Also, if you see any typo’s with anything, feel free to let me know!

Check Point CLI “CP” Commands
CLI Command Command Description
cp_conf [argument] Configure/reconfigure a Security Gateway installation
cpconfig Used to configure an installed Check Point product
cpinfo Collects data on a customer’s machine at the time of execution
cplic [argument] Used for Check Point license management
cpstart Start all Check Point processes and applications running on a machine
cpstop Stop all Check Point processes and applications running on a machine
cphastart Activates ClusterXL on the member, but does not initiate full sync
Note: ‘cpstart’ is the recommended way to start a cluster member
cphastop Stops the cluster member from passing traffic. State sync also stops
Note: In HA Legacy mode, ‘cphastop’ may cause the entire cluster to stop
cphaprob [argument] verifies cluster and cluster members are working properly
cphaprob state View the state of a cluster member & other members of the cluster
cphaprob -a if View the state of cluster member interfaces & virtual cluster interfaces
cppkg add Add a product package to the product repository
Only SmartUpdate
packages can be added to the product repository
cppkg delete Delete a product package from the repository using various options
Usage: cppkg delete [<vendor> <product> <version> <os> [sp]] Use cppkg print to see options
cppkg get Synchronizes the pkg repository db w/ the actual pkg repository under $SUROOT
cppkg print List the contents of the product repository
cppkg get root Identifies the location of the product repository
cppkg set root Create a new repository root directory location, and to move existing product packages into the new repository
Check Point CLI “FW” Commands
CLI Command Command Description
fw ctl The fw ctl command controls the Firewall kernel module
fw ctl debug Generate debug messages to a buffer
fw ctl sdstat Measure percentage of CPU consumed by each IPS protection
fw fetch <manager ip> Fetches current policy held on specified firewall manager
fw hastat Displays info about HA machines & their states
fw log Displays the content of log files
fw log -c drop search active connection log for drop/accept/reject packets
fw log -f Monitor logs real-time performing a “tail” on the active log
fw logswitch Log rotate utility for local log rotation
fw lslogs Shows a list of log files stored locally on the firewall
fw monitor Built-in firewall packet capture tool – More on fw monitor HERE
fw stat Displays the content of state tables on target hosts in various formats
fw stat -l Show which policy is associated with which interface & drop/accept/reject
fw unloadlocal Unloads the local/initial policy
fw ver Display the Security Gateway major & minor version, & build #’s
1. [-k] Print the version name & Kernel module build #’s
2. [-f] <filename> Prints the version & build #’s to file
Check Point CLI “VPN” Commands
CLI Command Command Description
vpn crlview Retrieve the Certificate Revocation List (CRL) comes in 3 flavors:
1. vpn crlview -obj <object name> -cert <certificate name>
2. vpn crlview -f <filename>
3. vpn crlview -view
vpn debug Instructs VPN daemon to write debug msg’s to $FWDIR/log/vpnd.elg
vpn tu Launch the TunnelUtil tool which is used to control VPN tunnels
vpn ver Display the VPN major version & build #’s
1. [-k] Display the VPN major version, build, & kernel #’s
2. [-f] <filename> Prints the version & build #’s to file

Related

Filed Under: Firewall, Howto Article, Linux, Network Security Tagged With: CheckPoint, CLI

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *