#!/bin/bash
#
# Common Check Point Commands (ccc) for R77.30 / R80.10
# Version 0.5
#
# Script source : https://community.checkpoint.com/docs/DOC-2214
# Project idea : Moti Sagey
# Script created by : Danny Jung
# Interactive mode : Marko Keca
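# Interactive menu loop.
#
# Letter selections (a-i) and 0 print a menu; numeric selections (1-45) run
# the Check Point command shown next to that number; q or end-of-input exits.
#
# Security notes for operators:
#   - Most entries are read-only status queries.
#   - Entries 24 (disable anti-spoofing), 31 (create ClusterXL faildevice) and
#     44 (stop Firewall Management) reduce protection or availability. They
#     require a typed "yes" so that a mistyped number (e.g. 24 instead of 14)
#     cannot change enforcement silently.
#   - Entries 22, 23, 25, 32, 35, 36 and 45 also change state (policy fetch,
#     acceleration restart, debug mode, process start) and still run without
#     confirmation; use them only inside an approved change window.
#   - The script neither checks who runs it nor logs what was selected; rely
#     on the host's own shell auditing for accountability.

# Print the trailer shared by every submenu.
print_submenu_footer() {
  echo ""
  echo "0: MAIN MENU"
  echo "q: EXIT"
}

# Ask for explicit confirmation before a disruptive command.
# Arguments: $1 - one-line description of the impact
# Returns:   0 only when the operator typed exactly "yes"; 1 otherwise
#            (including end-of-input).
confirm_change() {
  local reply
  echo "WARNING: $1"
  printf 'Type "yes" to continue, anything else to cancel: '
  IFS= read -r reply || return 1
  if [[ "$reply" == "yes" ]]; then
    return 0
  fi
  echo "Cancelled."
  return 1
}

# Start on the main menu.
choice=0
while true; do
  case "$choice" in
    0)
      echo ""
      echo "##############################################"
      echo "### Common Check Point Commands (ccc) v0.5 ###"
      echo "##############################################"
      echo ""
      echo "[ MAIN MENU ]"
      echo ""
      echo "a: Firewall Mananagement & Gateway"
      echo "b: Firewall Mananagement"
      echo "c: Firewall Gateway"
      echo "d: ClusterXL Troubleshooting"
      echo "e: VPN Troubleshooting"
      echo "f: Multicore Performance Tuning"
      echo "g: VSX Troubleshooting"
      echo "h: MDS Troubleshooting"
      echo "i: Standalone Firewall & Management"
      echo ""
      echo "0: Main menu"
      echo "q: EXIT"
      echo ""
      ;;
    a)
      echo ""
      echo "[ Firewall Mananagement & Gateway ]"
      echo "1: cat /etc/cp-release; installed_jumbo_take - Show Check Point version"
      echo "2: cplic print -x - Show installed CP licenses"
      echo "3: cpstat os -f ifconfig - Show advanced interface summary"
      echo "4: df -h - Show available disk space"
      echo "5: cpview - Start CPview"
      # Inner quotes are escaped so the menu shows the command as it must be typed.
      echo "6: clish -c \"show configuration\" - Show running Clish configuration"
      echo "7: enabled_blades - Show enabled blades"
      echo "8: cpinfo -y all - Show installed packages"
      print_submenu_footer
      ;;
    b)
      echo ""
      echo "[ Firewall Mananagement ]"
      echo "9: fwm stat - Show status"
      echo "10: cpstat mg - Show connected management clients"
      print_submenu_footer
      ;;
    c)
      echo ""
      echo "[ Firewall Gateway ]"
      echo "11: fw stat; ips stat; cpstat -f all polsrv - Show FW + IPS + Policy Server status"
      echo "12: fw getifs - Show interfaces, IP addresses + netmask"
      echo "13: cpstat blades - Quickly show top rule hits, connections and packets stats"
      echo "14: cpstat fw - Show statistics of interface connections"
      echo "15: netstat -atun - Show established connections"
      echo "16: fw ctl zdebug drop - Show dropped connections + reason"
      echo "17: fw tab -s -t connections - Show load on FW gateway"
      echo "18: fwaccel stat - Show acceleration status on FW gateway"
      echo "19: fwaccel stats - Show acceleration status on FW gateway"
      echo "20: fwaccel stats -s - Show acceleration status on FW gateway"
      echo "21: cpwd_admin list - Show CP process status"
      echo "22: fw fetch localhost - Reload security policy from localhost"
      #echo "23: fw fetch fwmgmt - Reload security policy from FW management"
      echo "24: fw ctl set int fw_antispoofing_enabled 0; sim feature anti_spoofing off ; fwaccel off ; fwaccel on - Disable Anti-Spoofing"
      echo "25: fw ctl set int fw_antispoofing_enabled 1; sim feature anti_spoofing on ; fwaccel off ; fwaccel on - Enable Anti-Spoofing"
      print_submenu_footer
      ;;
    d)
      echo ""
      echo "[ ClusterXL Troubleshooting ]"
      echo "26: cphaprob stat; cpstat -f all ha - Show ClusterXL mode & status"
      echo "27: cphaprob -l list - Show ClusterXL devices & status"
      echo "28: cphaprob -a if - Show ClusterXL interfaces"
      echo "29: fw ctl pstat - Show ClusterXL sync status"
      echo "30: clish -c \"show routed cluster-state detailed\" - Show ClusterXL failover history"
      echo "31: clusterXL_admin down - Create ClusterXL faildevice"
      echo "32: clusterXL_admin up - Delete ClusterXL faildevice"
      echo "33: cphaconf cluster_id get - Show Cluster ID"
      print_submenu_footer
      ;;
    e)
      echo ""
      echo "[ VPN Troubleshooting ]"
      echo "34: vpn tu - Start VPN tunnel utility"
      echo "35: vpn debug trunc; vpn debug on; vpn debug ikeon - Start VPN debug mode"
      # $FWDIR is expanded on purpose so the menu shows the real log path.
      echo "36: vpn debug ikeoff; vpn debug off; file $FWDIR/log/ike.elg - Stop VPN debug mode"
      print_submenu_footer
      ;;
    f)
      echo ""
      echo "[ Multicore Performance Tuning ]"
      echo "37: fw ctl multik stat - Show multi-kernel connections & peak connections"
      echo "38: fw ctl affinity -l -v - Show interface affinity & IRQs"
      echo "39: fw ctl affinity -l -a - Show interface affinity"
      echo "40: netstat -ni - To check for drop on interfaces"
      echo "41: ps axwf -o pid,cpuid,pcpu,pmem,time,comm - Show processes & daemons utilization by cpu-core, mem"
      print_submenu_footer
      ;;
    g)
      echo ""
      echo "[ VSX Troubleshooting ]"
      echo "42: vsx stat -v - Show VSX status"
      print_submenu_footer
      ;;
    h)
      echo ""
      echo "[ MDS Troubleshooting ]"
      echo "43: mdsstat - Show MDS status"
      print_submenu_footer
      ;;
    i)
      echo ""
      echo "[ Standalone Firewall & Management ]"
      echo "44: cpwd_admin stop -name FWM -path \"$FWDIR/bin/fw\" -command \"fw kill fwm\" - Stop Firewall Management only"
      echo "45: cpwd_admin start -name FWM -path \"$FWDIR/bin/fwm\" -command \"fwm\" - Start Firewall Management only"
      print_submenu_footer
      ;;
    1)
      cat /etc/cp-release; installed_jumbo_take
      ;;
    2)
      cplic print -x
      ;;
    3)
      # The interface name is handed to the inner shell as "$1" instead of
      # being spliced into the command text, so an unusual name cannot be
      # interpreted as shell syntax.
      cpstat os -f ifconfig; ls -1 /sys/class/net | grep -v '^lo' | xargs -I % sh -c 'ethtool "$1"; ethtool -i "$1"' sh % | grep '^driver\|Speed\|Duplex\|Settings' | sed "s/^/ /g" | tr -d "\t" | tr -d "\n" | sed "s/Settings for/\nSettings for/g"; echo
      ;;
    4)
      df -h
      ;;
    5)
      cpview
      ;;
    6)
      clish -c "show configuration"
      ;;
    7)
      enabled_blades
      ;;
    8)
      cpinfo -y all
      ;;
    9)
      fwm stat
      ;;
    10)
      cpstat mg
      ;;
    11)
      fw stat; ips stat; cpstat -f all polsrv
      ;;
    12)
      fw getifs
      ;;
    13)
      cpstat blades
      ;;
    14)
      cpstat fw
      ;;
    15)
      netstat -atun
      ;;
    16)
      # NOTE(review): this streams until interrupted; Ctrl-C is expected to
      # end the menu script as well, since no SIGINT trap is installed.
      fw ctl zdebug drop
      ;;
    17)
      fw tab -s -t connections
      ;;
    18)
      fwaccel stat
      ;;
    19)
      fwaccel stats
      ;;
    20)
      fwaccel stats -s
      ;;
    21)
      cpwd_admin list
      ;;
    22)
      fw fetch localhost
      ;;
    23)
      # NOTE(review): the menu line for 23 is commented out, yet the entry is
      # still reachable here. "fwmgmt" looks like a placeholder host name;
      # replace it with the real management server or remove this entry.
      fw fetch fwmgmt
      ;;
    24)
      if confirm_change "this disables anti-spoofing on this gateway."; then
        fw ctl set int fw_antispoofing_enabled 0; sim feature anti_spoofing off; fwaccel off; fwaccel on
      fi
      ;;
    25)
      fw ctl set int fw_antispoofing_enabled 1; sim feature anti_spoofing on; fwaccel off; fwaccel on
      ;;
    26)
      cphaprob stat; cpstat -f all ha
      ;;
    27)
      cphaprob -l list
      ;;
    28)
      cphaprob -a if
      ;;
    29)
      fw ctl pstat
      ;;
    30)
      clish -c "show routed cluster-state detailed"
      ;;
    31)
      if confirm_change "this creates a ClusterXL faildevice on this cluster member."; then
        clusterXL_admin down
      fi
      ;;
    32)
      clusterXL_admin up
      ;;
    33)
      cphaconf cluster_id get
      ;;
    34)
      vpn tu
      ;;
    35)
      vpn debug trunc; vpn debug on; vpn debug ikeon
      ;;
    36)
      # Quoted so a path containing spaces or glob characters stays one argument.
      vpn debug ikeoff; vpn debug off; file "$FWDIR/log/ike.elg"
      ;;
    37)
      fw ctl multik stat
      ;;
    38)
      fw ctl affinity -l -v
      ;;
    39)
      fw ctl affinity -l -a
      ;;
    40)
      netstat -ni
      ;;
    41)
      ps axwf -o pid,cpuid,pcpu,pmem,time,comm
      ;;
    42)
      vsx stat -v
      ;;
    43)
      mdsstat
      ;;
    44)
      if confirm_change "this stops the Firewall Management process (FWM)."; then
        cpwd_admin stop -name FWM -path "$FWDIR/bin/fw" -command "fw kill fwm"
      fi
      ;;
    45)
      cpwd_admin start -name FWM -path "$FWDIR/bin/fwm" -command "fwm"
      ;;
    q)
      exit 0
      ;;
    *)
      # The prompt itself is printed once below; only report the bad input here.
      echo "Unknown selection. Enter 0 for the main menu or q to exit."
      ;;
  esac
  echo ""
  printf 'Enter a command: '
  # -r keeps backslashes literal. A failed read means end-of-input (closed
  # stdin, Ctrl-D); exit then instead of looping on an empty selection forever.
  if ! read -r choice; then
    echo ""
    exit 0
  fi
done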