Useful Check Point commands. Check Point command-line tools fall into two main families: cp* (general: configuration, licensing, status, clustering) and fw* (the firewall itself: policy, kernel tables, logs, packet tracing). Both families are run from expert mode (the bash shell entered with expert from clish); the Gaia show/set commands in the later sections are run from clish itself. Several of the commands below (cphastop, fw unloadlocal, fw ctl zdebug, reset_gw) change or load a production gateway, so read the description before running them.
Useful Check Point Commands
| Command | Description |
|---|---|
| cpconfig | change SIC, licenses and more |
| cpview -t | show top style performance counters |
| cphaprob stat | list the state of the high availability cluster members. Should show active and standby devices. |
| cphaprob -a if | display status of monitored interfaces in a cluster |
| cphaprob -l list | display registered cluster devices and status |
| cphaprob syncstat | display sync transport layer statistics |
| cphaprob ldstat | display sync serialization statistics |
| cphastop | stop a cluster member from passing traffic. Stops synchronization. (emergency only) |
| clusterXL_admin down [-p] | administratively take this member out of the cluster so traffic fails over to its peer; -p makes the down state persist across a reboot. Restore with clusterXL_admin up [-p]. |
| cphaconf cluster_id get | get cluster Global ID membership |
| cplic print | license information |
| cpstart | start all checkpoint services |
| cpstat fw | show policy name, policy install time and interface table |
| cpstat ha | high availability state |
| cpstat blades | top rule hits and amount of connections |
| cpstat os -f all | checkpoint interface table, routing table, version, memory status, cpu load, disk space |
| cpstat os -f cpu | checkpoint cpu status |
| cpstat os -f multi_cpu | checkpoint cpu load distribution |
| cpstat os -f sensors | hardware environment (temperature/fan/voltage) |
| cpstat os -f routing | checkpoint routing table |
| cpstop | stop all checkpoint services |
| cpwd_admin monitor_list | list the daemons monitored by the Check Point WatchDog (cpwd) and their state. A gateway should show at least fwd and cpd, plus vpnd where IPsec VPN is enabled; a daemon with STAT T (terminated) rather than E (executing) needs attention. |
| show asset all | (clish) show serial numbers and hardware info |
| show route destination xx.xx.xx.xx | (clish) show the route selected for a specific host |
| ip route get xx.xx.xx.xx | (expert) show the route selected for a specific host |
| cphaprob show_failover | show cluster failover history; on Gaia R80.20 and later, clish also offers show cluster state and show cluster failover (iclid is the legacy routing shell of SecurePlatform Pro, see the SPLAT section) |
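The cluster and WatchDog rows above are the checks to run before touching a ClusterXL member. As an added example (not from the original page and not Check Point code), the POSIX shell functions below parse the output of cphaprob stat and cpwd_admin monitor_list so the checks can be scripted and fail loudly. The three sample outputs are constructed approximations of the real text formats, and the required-daemon list "fwd cpd vpnd" is an assumption for a VPN-enabled gateway.

```shell
#!/bin/sh
# Added example (not Check Point code): script the cluster and WatchDog checks.
# The three sample outputs below are constructed approximations of what
# cphaprob stat and cpwd_admin monitor_list print on a ClusterXL member.

# Print "<active> <standby> <other>" from cphaprob stat output on stdin.
# Member rows start with a numeric ID; the state is the field after the
# "Assigned Load" percentage, so column widths do not matter.
cluster_state_counts() {
  awk '$1 ~ /^[0-9]+$/ {
         state = ""
         for (i = 2; i <= NF; i++) if ($i ~ /%$/) { state = $(i + 1); break }
         if (state == "ACTIVE") active++
         else if (state == "STANDBY") standby++
         else other++   # DOWN, READY, ACTIVE(!) and friends all need a human look
       }
       END { printf "%d %d %d\n", active + 0, standby + 0, other + 0 }'
}

# Exit 0 only for exactly one ACTIVE member, at least one STANDBY and nothing else.
cluster_health_check() {
  counts=$(cluster_state_counts)
  active=${counts%% *}; rest=${counts#* }; standby=${rest%% *}; other=${rest#* }
  if [ "$active" -eq 1 ] && [ "$standby" -ge 1 ] && [ "$other" -eq 0 ]; then
    echo "cluster ok: 1 active, $standby standby"
    return 0
  fi
  echo "cluster degraded: active=$active standby=$standby other=$other"
  return 1
}

# Print the required daemons (argument: space-separated list) that cpwd_admin
# monitor_list (stdin) does not show in STAT E (executing); absent ones count too.
required_daemons_down() {
  awk -v req="$1" '
    BEGIN { n = split(req, want, " ") }
    NR > 1 { stat[tolower($1)] = $3 }
    END { for (i = 1; i <= n; i++) if (stat[want[i]] != "E") print want[i] }'
}

# Constructed sample: healthy HA pair.
SAMPLE_CPHAPROB_OK=$(cat <<'EOF'
Cluster Mode:   High Availability (Active Up) with IGMP Membership

ID         Unique Address  Assigned Load   State          Name

1 (local)  192.168.1.1     100%            ACTIVE         gw-a
2          192.168.1.2     0%              STANDBY        gw-b

Active PNOTEs: None
EOF
)

# Constructed sample: the peer is DOWN, so a failover would have nowhere to go.
SAMPLE_CPHAPROB_DEGRADED=$(cat <<'EOF'
Cluster Mode:   High Availability (Active Up) with IGMP Membership

ID         Unique Address  Assigned Load   State          Name

1 (local)  192.168.1.1     100%            ACTIVE         gw-a
2          192.168.1.2     0%              DOWN           gw-b

Active PNOTEs: None
EOF
)

# Constructed sample: vpnd has terminated (STAT T) and been restarted once.
SAMPLE_CPWD=$(cat <<'EOF'
APP        PID    STAT  #START  START_TIME             MON  COMMAND
CPVIEWD    4012   E     1       [15:10:02] 3/1/2021    N    cpviewd
FWD        4023   E     1       [15:10:05] 3/1/2021    Y    fwd
CPD        4045   E     1       [15:10:05] 3/1/2021    Y    cpd
VPND       4077   T     2       [15:12:40] 3/1/2021    Y    vpnd
EOF
)

main() {
  printf '%s\n' "$SAMPLE_CPHAPROB_OK" | cluster_health_check
  printf '%s\n' "$SAMPLE_CPHAPROB_DEGRADED" | cluster_health_check || true
  printf 'daemons not executing: %s\n' \
    "$(printf '%s\n' "$SAMPLE_CPWD" | required_daemons_down "fwd cpd vpnd")"
}
main
```

On a live member replace the samples with the real commands: cphaprob stat | cluster_health_check and cpwd_admin monitor_list | required_daemons_down "fwd cpd vpnd". Anything other than ACTIVE/STANDBY is deliberately counted as "other" so that states like ACTIVE(!) or READY fail the check instead of being silently accepted.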
Useful FW Commands
| Command | Description |
|---|---|
| fw ver | firewall version |
| fw ctl iflist | show interface names |
| fw ctl pstat | show control kernel memory and connections |
| fwaccel stat | show SecureXL status |
| fw fetch <manager IP> | fetch and install the policy from the management server (fw fetch local reinstalls the locally stored copy) |
| fwm load <policy name> <gateway name> | run on the management server: compile the policy and install it on the named gateway. |
| fw getifs | list interfaces and IP addresses |
| fw log | show the content of the connections log |
| fw log -b "MMM DD, YYYY HH:MM:SS" "MMM DD, YYYY HH:MM:SS" | search the current log for activity between the two times (start, then end) |
| fw log -c drop | search for dropped packets in the active log; also can use accept or reject to search |
| fw log -f | tail the current log |
| fwm logexport -i <log name> -o <output name> -n -p | export an old log file on the management server to text; -n and -p skip name and port resolution, which keeps large exports fast |
| fw logswitch | rotate logs |
| fw lslogs | list firewall logs |
| fw stat | firewall status, should contain the name of the policy and the relevant interfaces. |
| fw stat -l | show which policy is associated with which interface and package drop, accept and reject |
| fw tab | displays firewall tables |
| fw tab -s -t connections | number of connections in state table |
| fw tab -s -t userc_users | number of remote users connected (VPN) |
| fw tab -t xlate -x | delete all entries in the NAT (xlate) table; existing translated connections will break |
| fw unloadlocal | unload the policy from the local gateway. The gateway is then left without a policy (unprotected), so reinstall with fw fetch or from SmartConsole as soon as the troubleshooting is done |
| fw monitor -e "accept host(10.1.1.10);" | capture packets to/from the host at the kernel inspection points (i, I, o, O), showing whether the firewall saw and forwarded them |
| fw ctl zdebug + drop \| grep 'x.x.x.x\|y.y.y.y' | print the kernel's reason for dropping packets to/from the given hosts; this is a kernel debug with a CPU cost, so run it briefly and stop it with Ctrl-C |
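The fw log and fw stat rows above are the two outputs most often eyeballed during an incident. The added shell example below (not from the original page and not Check Point code) turns both into checks a practitioner can script: top_drops aggregates drop/reject lines from fw log output by source, destination and service, and fw_stat_policy_check warns when fw stat reports InitialPolicy, defaultfilter or no policy at all, which is what you see on a gateway that never received its policy or after fw unloadlocal. The log lines and fw stat output are constructed approximations of the real text format; the key names (src:, dst:, service:) and the policy column position are assumptions about that format.

```shell
#!/bin/sh
# Added example (not Check Point code): script the fw log and fw stat checks.
# Both samples are constructed approximations of the real text output.

# Aggregate drop/reject lines from `fw log` on stdin into
# "<count> <action> <src> -> <dst> <service>", highest count first.
# Scanning "key: value;" pairs avoids depending on column positions.
top_drops() {
  limit=${1:-10}
  awk '$2 == "drop" || $2 == "reject" {
         src = dst = svc = "?"
         for (i = 1; i <= NF; i++) {
           if ($i == "src:")          src = $(i + 1)
           else if ($i == "dst:")     dst = $(i + 1)
           else if ($i == "service:") svc = $(i + 1)
         }
         sub(/;$/, "", src); sub(/;$/, "", dst); sub(/;$/, "", svc)
         count[$2 " " src " -> " dst " " svc]++
       }
       END { for (k in count) print count[k], k }' | sort -rn | head -n "$limit"
}

# Read `fw stat` output on stdin; fail unless a real policy is installed.
fw_stat_policy_check() {
  policy=$(awk 'NR == 2 { print $2 }')
  case "$policy" in
    ""|-|InitialPolicy|defaultfilter)
      echo "WARNING: no installed policy enforced (policy='$policy'); run fw fetch or push from SmartConsole"
      return 1 ;;
  esac
  echo "policy '$policy' is installed"
  return 0
}

# Constructed sample of `fw log -n -p` text: one noisy SMB source, one reject, one accept.
SAMPLE_FW_LOG=$(cat <<'EOF'
10:22:33 drop   gw-a >eth1 rule: 12; src: 10.1.1.10; dst: 192.168.1.5; proto: tcp; product: VPN-1 & FireWall-1; service: 445; s_port: 51522;
10:22:34 drop   gw-a >eth1 rule: 12; src: 10.1.1.10; dst: 192.168.1.5; proto: tcp; product: VPN-1 & FireWall-1; service: 445; s_port: 51523;
10:22:35 accept gw-a >eth1 rule: 4; src: 10.1.1.20; dst: 192.168.1.5; proto: tcp; product: VPN-1 & FireWall-1; service: 443; s_port: 40001;
10:22:36 drop   gw-a >eth1 rule: 12; src: 10.1.1.10; dst: 192.168.1.5; proto: tcp; product: VPN-1 & FireWall-1; service: 445; s_port: 51524;
10:22:37 reject gw-a >eth0 rule: 7; src: 172.16.5.9; dst: 10.1.1.10; proto: tcp; product: VPN-1 & FireWall-1; service: 22; s_port: 60010;
10:22:38 drop   gw-a >eth1 rule: 12; src: 10.1.1.11; dst: 192.168.1.6; proto: udp; product: VPN-1 & FireWall-1; service: 161; s_port: 51000;
EOF
)

# Constructed samples of `fw stat`: a normal gateway and one stuck on InitialPolicy.
SAMPLE_FW_STAT_OK=$(cat <<'EOF'
HOST      POLICY   DATE
localhost Standard 12Mar2021 10:15:02 :  [>eth0] [<eth0] [>eth1] [<eth1]
EOF
)
SAMPLE_FW_STAT_INITIAL=$(cat <<'EOF'
HOST      POLICY        DATE
localhost InitialPolicy 12Mar2021 09:58:11 :  [>eth0] [<eth0] [>eth1] [<eth1]
EOF
)

main() {
  echo "top drops:"
  printf '%s\n' "$SAMPLE_FW_LOG" | top_drops 5
  printf '%s\n' "$SAMPLE_FW_STAT_OK" | fw_stat_policy_check
  printf '%s\n' "$SAMPLE_FW_STAT_INITIAL" | fw_stat_policy_check || true
}
main
```

On a gateway use fw log -n -p | top_drops 20 (or fw log -c drop -n -p to pre-filter) and fw stat | fw_stat_policy_check; the -n -p flags matter because resolved hostnames and port names would otherwise split one talker into several keys.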
Provider-1 (Multi-Domain) Commands
| Command | Description |
|---|---|
| mdsenv [cma name] | sets the MDS environment variables; with a CMA name, points them at that CMA |
| mcd | changes your directory to that of the current environment |
| mds_setup | set up an MDS server |
| mdsconfig | alternative to cpconfig for MDS servers |
| mdsstat | show the status of the MDS and CMA processes |
| mdsstart_customer [cma name] | start a CMA |
| mdsstop_customer [cma name] | stop a CMA |
| cma_migrate | migrate a SmartCenter server into a CMA |
| cmamigrate_assist | helper for cma_migrate: enables FTP on the SmartCenter server so you can skip the manual tar/zip/ftp of its files |
VPN Commands
| Command | Description |
|---|---|
| vpn tu | VPN TunnelUtil: interactive menu to list IKE/IPsec SAs and delete them for one peer or user, which forces a rekey |
| vpn ipafile_check ipassignment.conf detail | Verifies the ipassignment.conf file |
| dtps lic | show desktop policy license status |
| cpstat -f all polsrv | show status of the dtps |
| vpn shell /tunnels/delete/IKE/peer/[peer ip] | delete IKE SA |
| vpn shell /tunnels/delete/IPsec/peer/[peer ip] | delete Phase 2 SA |
| vpn shell /show/tunnels/ike/peer/[peer ip] | show IKE SA |
| vpn shell /show/tunnels/ipsec/peer/[peer ip] | show Phase 2 SA |
| vpn shell show interface detailed [VTI name] | show VTI detail |
Gaia Show (Clish) Commands
| Command | Description |
|---|---|
| save config | save the current configuration |
| show commands | shows all commands |
| show allowed-client all | show allowed clients |
| show arp dynamic all | displays the dynamic arp entries |
| show arp proxy all | shows proxy arp |
| show arp static all | displays all the static arp entry |
| show as | displays autonomous system number |
| show assets all | display hardware information |
| show bgp stats | shows bgp statistics |
| show bgp summary | shows summary information about bgp |
| show bootp stats | shows bootp/dhcp relay statistics |
| show bootp interface | show all bootp/dhcp relay interfaces |
| show bonding group | show all bonding groups |
| show bridging groups | show all bridging groups |
| show backups | shows a list of local backups |
| show backup status | show the status of a backup or restore operation being performed |
| show backup last-successful | show the latest successful backup |
| show backup logs | show the logs of the recent backups/restores performed |
| show clock | show current clock |
| show configuration | show configuration |
| show config-state | shows whether the running configuration is saved or unsaved |
| show date | shows date |
| show dns primary | shows primary dns server |
| show dns secondary | shows secondary dns server |
| show extended commands | shows all extended commands |
| show groups | shows all user groups |
| show hostname | show host name |
| show inactivity-timeout | shows inactivity-timeout settings |
| show interfaces | shows all interfaces |
| show interface ethx | shows the settings of the single interface ethx |
| show interfaces all | shows detailed information about all interfaces |
| show ipv6-state | shows ipv6 status as enabled or disabled |
| show management interface | shows management interface configuration |
| show ntp active | shows ntp status as enabled or disabled |
| show ntp servers | shows ntp servers |
| show ospf database | shows ospf database information |
| show ospf neighbors | shows ospf neighbors information |
| show ospf summary | shows ospf summary information |
| show pbr rules | shows policy based routing rules |
| show pbr summary | shows policy based routing summary information |
| show pbr tables | show pbr tables |
| show route | shows routing table |
| show routed version | shows information about routed version |
| show snapshots | shows a list of local snapshots |
| show snmp agent-version | shows whether the version is v1/v2/v3 |
| show snmp interfaces | shows snmp agent interface |
| show snmp traps receivers | shows snmp trap receivers |
| show time | shows local machine time |
| show timezone | show configured timezone |
| show uptime | show system uptime |
| show users | show configured users and their homedir, uid/gid and shell |
| show user <username> | shows settings related to a particular user |
| show version all | shows version related to os edition, kernel version, product version etc |
| show virtual-system all | show virtual-systems configured |
| show vpn tunnels | use to show the vpn tunnels |
| show vrrp | shows VRRP status |
| show vrrp stats | shows VRRP statistics |
| show vrrp interfaces | shows vrrp enabled interfaces |
Gaia Set (Clish) Commands
| Command | Description |
|---|---|
| add allowed-client host address <ip address> | add one host to the allowed clients list, the addresses permitted to reach the Gaia portal and SSH |
| add allowed-client host any-host | allow every address to reach the Gaia portal and SSH; avoid this on production gateways and list management hosts or networks instead |
| add backup local | create a backup file in /var/CPbackup/backups/ (open servers) or /var/log/CPbackup/backups/ (Check Point appliances) |
| add backup scp ip value path value username value | adds backup to scp server |
| add backup tftp ip value [ interactive ] | adds backup to tftp server |
| add snapshot <name> desc <description> | create a snapshot: a full image of the system (OS configuration, Check Point configuration, versions, patch level and drivers) that can later be restored with set snapshot revert |
| add syslog log-remote-address <ip address> level <emerg/alert/crit/err/warning/notice/info/debug/all> | specifies syslog parameters |
| add user <username> uid <user-id-value> homedir | creates a user |
| expert | executes system shell |
| halt | put system to halt |
| history | shows command history |
| lock database override | overrides the config-lock settings |
| quit | exits out of a shell |
| reboot | reboots a system |
| restore backup local [value] | restores local backup interactively |
| rollback | ends the transaction mode by reverting the changes made during transaction |
| save config | save the current configuration |
| set backup restore local <filename> | restores a local backup |
| set core-dump <enable/disable> | enable/disable core dumps |
| set date yyyy-mm-dd | sets system date |
| set dhcp server enable | enable dhcp server |
| set dns primary <x.x.x.x> | sets primary dns ip address |
| set dns secondary <x.x.x.x> | sets secondary dns ip address |
| set expert-password | set or change password for entering into expert mode |
| set edition default <value> | set the default edition to 32-bit or 64-bit |
| set hostname <value> | sets system hostname |
| set inactivity-timeout <value> | sets the inactivity timeout |
| set interface ethx ipv4-address x.x.x.x mask-length 24 | adds ip address to an interface |
| set ipv6-state on/off | sets ipv6 status as on or off |
| set kernel-routes on/off | sets kernel routes to on/off state |
| set management interface <interface name> | sets an interface as management interface |
| set message motd value | sets message of the day |
| set ntp active on/off | activates ntp on/off |
| set ntp server primary x.x.x.x version <1/2/3/4> | sets primary ntp server |
| set ntp server secondary x.x.x.x version <1/2/3/4> | sets secondary ntp server |
| set snapshot revert <filename> | revert the machine to the selected snapshot |
| set snmp agent on/off | sets the snmp agent daemon on/off |
| set snmp agent-version <value> | sets snmp agent version |
| set snmp community <value> read-only | sets snmp readonly community string |
| add snmp interface <interface name> | sets snmp agent interface |
| set snmp traps receiver <ip address> version v1 community value | specifies trap receiver |
| set snmp traps trap <value> | set snmp traps |
| set static-route x.x.x.x/24 nexthop gateway address x.x.x.x on | adds specific static route |
| set time <value> | sets system time |
| set timezone <time-zone> | sets the time zone |
| set vsx off | sets VSX mode off |
| set vsx on | sets VSX mode on |
| set user <username> password | sets users password |
| set web session-timeout <value> | sets web configuration session time-out in minutes |
| set web ssl-port <value> | sets the web ssl-port for the system |
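As an added example (not from the original page and not Check Point code), the script below batches a small Gaia hardening baseline out of the add/set commands in this section and applies it with clish -f, which runs a file of clish commands. The management host, NTP and syslog addresses are placeholders. It deliberately uses add allowed-client host address with a specific host rather than the any-host form, takes the configuration lock first, and ends with save config so the changes survive a reboot; the exact keyword spellings (for example v3-Only) are taken from the Gaia clish reference and are worth confirming with tab completion on your release.

```shell
#!/bin/sh
# Added example (not Check Point code): generate and apply a Gaia clish baseline
# using only commands listed in this section. All addresses are placeholders.

# Print the clish commands for one gateway.
# Arguments: management host allowed to reach portal/SSH, NTP server, syslog server.
gaia_baseline_commands() {
  mgmt_host=$1; ntp_server=$2; syslog_server=$3
  cat <<EOF
lock database override
add allowed-client host address $mgmt_host
set inactivity-timeout 10
set web session-timeout 10
set ntp server primary $ntp_server version 4
set ntp active on
add syslog log-remote-address $syslog_server level info
set snmp agent-version v3-Only
set snmp agent on
save config
EOF
}
# Not generated on purpose: "add allowed-client host any-host", which exposes the
# Gaia portal and SSH to every address, and SNMP v1/v2c read-only communities,
# which send the community string in clear text.

# Write the commands to a file and run them through clish -f when clish exists
# (i.e. on the gateway); elsewhere leave the file for review. 4th arg: output path.
apply_gaia_baseline() {
  out=${4:-/tmp/gaia-baseline.clish}
  gaia_baseline_commands "$1" "$2" "$3" > "$out"
  if command -v clish >/dev/null 2>&1; then
    clish -f "$out"
  else
    echo "clish not found; commands written to $out for review"
  fi
}

# Preview with placeholder addresses; on the gateway call apply_gaia_baseline instead.
gaia_baseline_commands 10.0.0.5 10.0.0.10 10.0.0.20
```

Run it as expert on the gateway (clish -f is invoked from the bash shell); because the file starts with lock database override it will take the lock away from any other clish session that holds it, so coordinate before applying.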
A Few Useful SPLAT CLI Commands
| Command | Description |
|---|---|
| router | enters router mode on SecurePlatform Pro for advanced routing options |
| patch add cd | Allows you to mount an iso and upgrade your checkpoint software (SPLAT Only) |
| backup | performs a backup of the operating system and Check Point configuration |
| restore | Allows you to restore your backup |
| snapshot | Performs a system backup which includes all Check Point binaries. Note : This issues a cpstop. |
A Few Useful VSX CLI Commands
| Command | Description |
|---|---|
| vsx get [vsys name/id] | get the current virtual system context |
| vsx set [vsys name/id] | set your context (on Gaia VSX gateways the equivalent is vsenv <vsid>) |
| fw -vs [vsys id] getifs | show the interfaces for a virtual device |
| fw vsx stat -l | shows a list of the virtual devices and installed policies |
| fw vsx stat -v | shows a list of the virtual devices and installed policies (verbose) |
| reset_gw | resets the gateway, removing all Virtual Devices and their settings; destructive, only for rebuilding a VSX gateway from scratch |