Check Point Useful Commands

Check Point commands generally fall under three prefixes: cp (general), fw (firewall), and fwm (management).

CP, FW & FWM
cphaprob stat
Lists cluster status
cphaprob -a if
Lists status of cluster interfaces
cphaprob syncstat
Shows the state-synchronization status
cphaprob list
Shows cluster status (critical devices / pnotes) in list form
cphastart / cphastop
Starts / stops clustering on the specific node
cp_conf sic
Manages SIC (Secure Internal Communication) state
cpconfig
Configuration utility
cplic print
Prints all the licensing information
cprestart
Restarts all Check Point services
cpstart
Starts all Check Point services
cpstop
Stops all Check Point services
cpstop -fwflag -proc
Stops all Check Point services but keeps the policy active in the kernel
cpwd_admin list
Lists Check Point processes (watchdog view)
cpstat -f all polsrv
Shows VPN Policy Server stats
cpstat
Shows the status of the firewall


fw tab -t sam_blocked_ips
Shows IPs blocked via SAM rules (e.g. blocks set from SmartView Tracker)
fw tab -t connections -s
Shows connection stats
fw tab -t connections -f
Shows connections with IPs instead of hex
fw tab -t fwx_alloc -f
Shows the fwx_alloc (NAT allocation) table with IPs instead of hex
fw tab -t peers_count -s
Shows VPN stats (peer count)
fw tab -t userc_users -s
Shows VPN stats (remote-access users)
fw checklic
Checks license details
fw ctl get int [global kernel parameter]
Shows the current value of a global kernel parameter
fw ctl set int [global kernel parameter] [value]
Sets the current value of a global kernel parameter. Temporary only; cleared after reboot.
fw ctl arp
Shows arp table
fw ctl install
Install hosts internal interfaces
fw ctl ip_forwarding
Control IP forwarding
fw ctl pstat
System Resource stats
fw ctl uninstall
Uninstall hosts internal interfaces
fw logexport -o [file]
Exports the current log file to an ASCII file
fw fetch
Fetch security policy and install
fw fetch localhost
Installs (on gateway) the last installed policy.
fw hastat
Shows Cluster statistics
fw lichosts
Display protected hosts
fw log -f
Tail the current log file
fw log -s [start time] -e [end time]
Retrieves logs between two times
fw logswitch
Rotate current log file
fw lslogs
Display remote machine log-file list
fw monitor
Packet sniffer
fw printlic -p
Print current Firewall modules
fw printlic
Print current license details
fw putkey
Installs an authentication key onto a host
fw stat -l
Long stat list, shows which policies are installed
fw stat -s
Short stat list, shows which policies are installed
fw unloadlocal
Unload policy
fw ver -k
Returns version, patch info and kernel info
fwstart
Starts the firewall
fwstop
Stop the firewall


fwm lock_admin -v
Views locked admin accounts
fwm dbexport -f user.txt
Exports users to a file; fwm dbimport imports them
fwm_start
Starts the management processes
fwm -p
Prints a list of admin users
fwm -a
Adds an admin
fwm -r
Deletes an admin

Provider-1
mdsenv [cma name]
Sets the MDS environment
mcd
Changes your directory to that of the environment
mds_setup
Sets up MDS servers
mdsconfig
Alternative to cpconfig for MDS servers
mdsstat
Shows the process status
mdsstart_customer [cma name]
Starts a CMA
mdsstop_customer [cma name]
Stops a CMA
cma_migrate
Migrates a SmartCenter server to a CMA
cmamigrate_assist
Use if you don't want to go through the pain of tar/zip/ftp manually; FTP must be enabled on the SmartCenter server

VPN
vpn tu
VPN tunnel utility, allows you to rekey VPN tunnels
vpn ipafile_check ipassignment.conf detail
Verifies the ipassignment.conf file
dtps lic
Shows desktop policy license status
cpstat -f all polsrv
Shows status of the desktop policy server (dtps)
vpn shell /tunnels/delete/IKE/peer/[peer ip]
Deletes the IKE SA
vpn shell /tunnels/delete/IPsec/peer/[peer ip]
Deletes the Phase 2 SA
vpn shell /show/tunnels/ike/peer/[peer ip]
Shows the IKE SA
vpn shell /show/tunnels/ipsec/peer/[peer ip]
Shows the Phase 2 SA
vpn shell show interface detailed [VTI name]
Shows VTI detail

Debugging
fw ctl zdebug drop
Shows dropped packets in real time and gives the reason for each drop
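Output from fw ctl zdebug drop is useful for more than a live tail: collected to a file, it can be aggregated by drop reason, source and destination service so you can tell a rulebase drop from anti-spoofing or out-of-state drops at a glance. The triage helper below is an added example, not from the original page and not a Check Point tool; the line layout it parses is an assumption modelled on typical zdebug drop output, and the sample lines are constructed, so adjust DROP_RE to the exact wording your gateway version prints.

```python
"""Triage helper for `fw ctl zdebug drop` output.

Added example, not part of the original page or any Check Point utility. The
line layout below is an ASSUMPTION modelled on typical zdebug drop output;
adjust DROP_RE to match the exact wording your gateway version prints.
"""
import re
from collections import Counter

# Constructed sample lines (not captured from a real gateway).
SAMPLE_LINES = """\
;[cpu_0];[fw4_1];fw_log_drop_ex: Packet proto=6 192.0.2.10:51234 -> 198.51.100.5:443 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 12;
;[cpu_1];[fw4_0];fw_log_drop_ex: Packet proto=17 192.0.2.10:5353 -> 203.0.113.9:53 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 12;
;[cpu_0];[fw4_1];fw_log_drop_ex: Packet proto=6 192.0.2.77:40000 -> 198.51.100.5:22 dropped by fw_antispoof_chain Reason: Address spoofing;
;[cpu_2];[fw4_2];fw_log_drop_ex: Packet proto=6 198.51.100.5:443 -> 192.0.2.10:51234 dropped by fw_conn_inspect Reason: TCP packet out of state: First packet isn't SYN;
some unrelated debug line without a drop record
"""

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# Assumed field layout: "proto=N src:sport -> dst:dport dropped by <chain> Reason: <text>;"
DROP_RE = re.compile(
    r"proto=(?P<proto>\d+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+"
    r"dropped by\s+(?P<where>\S+)\s+Reason:\s+(?P<reason>[^;]+)"
)


def parse_drops(text):
    """Yield one dict per recognised drop line; lines that don't match are skipped."""
    for line in text.splitlines():
        m = DROP_RE.search(line)
        if not m:
            continue
        proto = int(m.group("proto"))
        yield {
            "proto": PROTO_NAMES.get(proto, str(proto)),
            "src": m.group("src"),
            "sport": int(m.group("sport")),
            "dst": m.group("dst"),
            "dport": int(m.group("dport")),
            "where": m.group("where"),
            "reason": m.group("reason").strip(),
        }


def summarize(records):
    """Aggregate drops by reason, by source host and by destination service."""
    by_reason, by_src, by_service = Counter(), Counter(), Counter()
    for r in records:
        by_reason[r["reason"]] += 1
        by_src[r["src"]] += 1
        by_service[f'{r["dst"]}:{r["dport"]}/{r["proto"]}'] += 1
    return {"by_reason": by_reason, "by_src": by_src, "by_service": by_service}


def report(text):
    """Return a short human-readable summary of the drop records in `text`."""
    summary = summarize(parse_drops(text))
    lines = []
    for title, counter in summary.items():
        lines.append(f"== {title} ==")
        for key, n in counter.most_common():
            lines.append(f"{n:5d}  {key}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Typical use on a gateway: capture with `fw ctl zdebug drop > drops.txt`,
    # then feed the file on stdin; with no stdin the constructed sample is used.
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LINES
    print(report(data))
```

Run it with a captured file on stdin, or with no input to see the sample summary. Sorting by reason first is deliberate: a burst of "Rulebase drop" lines for one rule usually means a policy gap, while anti-spoofing or out-of-state drops point at routing or asymmetric-path problems rather than the rulebase.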

SPLAT Only
router
Enters router mode for use on SecurePlatform Pro for advanced routing options
patch add cd
Allows you to mount an ISO and upgrade your Check Point software (SPLAT only)
backup
Allows you to perform an operating system backup
restore
Allows you to restore your backup
snapshot
Performs a system backup which includes all Check Point binaries. Note: this issues a cpstop.

VSX
vsx get [vsys name/id]
Gets the current context
vsx set [vsys name/id]
Sets your context
fw -vs [vsys id] getifs
Shows the interfaces for a virtual device
fw vsx stat -l
Shows a list of the virtual devices and installed policies
fw vsx stat -v
Shows a list of the virtual devices and installed policies (verbose)
reset_gw
Resets the gateway, clearing all previous virtual devices and settings
