$CPMDIR
$FGDIR
$MDSDIR
$FW_BOOT_DIR
cprestart
cpridstop
cpridstart
cpridrestart
fw unloadlocal
cpwd_admin list
cpca_client lscert
fw ctl iflist
fw ctl pstat
fw ctl chain
fgate stat
fwaccel <stat|stats|conns>
vpn overlap_encdom
fw tab -t <tbl> [-s]
avsu_client [-app <app>] get_version
avsu_client [-app <app>] fetch_remote -fi
Check if signature for <app> is up-to-date. See previous command for the possible values of <app>.
show asset hardware
View hardware info like serial numbers in Nokia clish. See also ipsctl -a and cat /var/etc/.nvram.
info device
info computers
fwm logexport
fw logswitch [-audit]
Write the current (audit) logfile to YY-MM-DDHHMMSS.log and start a new fw.log.
fw log -c <action>
fw log -f -t
Tail the current log file from the end of the log. Without the -t switch it starts from the beginning.
fw log -b <starttime> <endtime>
fw fetchlogs -f <file> module
cprlic
fwm sic_reset
(Re)initialize SIC.
cpca_client
fw monitor Examples
fw monitor, Check Point's packet sniffing tool, is part of every FW-1 installation.
For detailed info on this topic read the Check Point guide (http://bit.ly/fwmonref) or
see my fw monitor cheat sheet (http://bit.ly/cpfwmon).
Display traffic with 192.168.1.12 as SRC or DST on interface ID 2
(List interfaces and corresponding IDs with fw ctl iflist)
fw monitor -e 'accept host(192.168.1.12) and ifid=2;'
cplic print
fw lichosts
dtps lic
Most recent version is available at http://roesen.org. Licensed under Creative Commons BY NC SA. SecurePlatform, SofaWare, SmartCenter, ClusterXL, SecureXL, Flood-Gate-1, Provider-1, VSX, IPSO and VPN-1/UTM-1 Edge are all registered trademarks of Check Point Software Technologies, Ltd.
Provider-1
mdsconfig
p1shell
show summary
mdsenv [dms_name]
mdsstart [-m|-s]
show images
mdsstop [-m]
show interfaces
mdsstat [dms_name]|[-m]
Show status of the MDS and all DMS or a certain customer's DMS. Use -m for only MDS status.
cpinfo -c <dms>
Create a cpinfo for the customer DMS <dms>.
Remember to run mdsenv <dms> in advance.
set ssh server log-level <level>
Set sshd log verbosity to quiet, fatal, error, info (default), verbose or debug.
show vrrp [interfaces]
rm /config/active
vpn shell
mcd <directory>
mdsstop_customer <dms>
./mds_restore <file>
vsx_util <subcmd>
ClusterXL
cp_conf ha enable|disable [norestart]
SecurePlatform
backup
restore <file>
snapshot
revert
patch add cd <patch>
cd_ver or ver
addarp <ip> <MAC>
dns [add|del <ip>]
log list
View log file number <nr> from the log list index.
passwd
chsh -s /bin/bash admin
Change the login shell for the user admin to always be in expert mode after login.
Edge Appliances CLI and Sofaware SmartCenter Commands*
help [command]
Show help topics. Also works with all commands.
cphastart
cphastop
info fw [rules]
fw hastat
info nat
cphaprob state
info device
cphaprob -a if
export
vsx get
cphaprob syncstat
cpinfo -x <vs>
You can analyze the generated files ike.elg and vpnd.elg with the IKEView tool
provided by Check Point.
VSX
vsx stat [-v] [-l] [id]
vpn -vs <id> debug trunc
Empty & stamp logs, enable IKE & VPN debug.
fw -vs <id> getifs
View driver interface list for a VS. You can also
use the VS name instead of -vs <id>.
fw tab -vs <id> -t <table>
fw monitor -v <id> -e 'accept;'
In general, many of Check Point's commands understand the -vs <id> switch.
cphaconf set_ccp <broadcast|multicast>
clusterXL_admin <up|down>
show interface
Note: DO NOT run any cphaconf commands other than cphaconf set_ccp.
SecurePlatform
sysconfig
show version
Show OS version.
show vrrp [interface]
Show VRRP status or VRRP interface information.
show <proto> ?
Show possible commands for routing protocol <proto> (can be bgp, dvmrp, igrp, ospf, rip).