8/10/2019 Checkpoint_CLI_summary ( )
Check Point commands generally come under cp (general), fw (firewall), and fwm (management).

CP, FW & FWM

cphaprob stat                   List cluster status
cphaprob -a if                  List status of interfaces
cphaprob syncstat               Shows the sync status
cphaprob list                   Shows a status in list form
cphastart/stop                  Stops clustering on the specific node
cp_conf sic                     SIC stuff
cpconfig                        Config util
cplic print                     Prints the license
cprestart                       Restarts all Check Point services
cpstart                         Starts all Check Point services
cpstop                          Stops all Check Point services
cpstop -fwflag -proc            Stops all Check Point services but keeps policy active in kernel
cpview                          CPU,
cpwd_admin list                 List Check Point processes
cplic print                     Print all the licensing information.
cpstat -f all polsrv            Show VPN Policy Server stats
cpstat                          Shows the status of the firewall
cpstat -f policy fw
fw tab -t sam_blocked_ips       IPs blocked via SmartTracker
fw tab -t connections -s        Show connection stats
fw tab -t connections -f        Show connections with IP instead of HEX
fw tab -t fwx_alloc -f          Show fwx_alloc with IP instead of HEX
fw tab -t peers_count -s        Shows VPN stats
fw tab -t userc_users -s        Shows VPN stats
fw checklic                     Check license details
fw ctl get int [global kernel parameter]  Shows the current value of a global kernel parameter
fw ctl set int [global kernel parameter][value]  Sets the current value of a global kernel parameter. Temporary only; cleared after reboot.
fw ctl arp                      Shows arp table
fw ctl install                  Install hosts internal interfaces
fw ctl ip_forwarding            Control IP forwarding
fw ctl pstat                    System resource stats
fw ctl uninstall                Uninstall hosts internal interfaces
fw exportlog -o                 Export current log file to ascii file
fw fetch                        Fetch security policy and install
fw fetch localhost              Installs (on gateway) the last installed policy.
fw hastat                       Shows cluster statistics
fw lichosts                     Display protected hosts
fw log -f                       Tail the current log file
fw log -s -e                    Retrieve logs between times
fw logswitch                    Rotate current log file
fw lslogs                       Display remote machine log-file list
fw monitor                      Packet sniffer
fw printlic -p                  Print current Firewall modules
fw printlic                     Print current license details
fw putkey                       Install authentication key onto host
fw stat -l                      Long stat list, shows which policies are installed
fw stat -s                      Short stat list, shows which policies are installed
fw unloadlocal                  Unload policy
fw ver -k                       Returns version, patch info and kernel info
fwstart                         Starts the firewall
fwstop                          Stop the firewall

Provider 1

mdsenv [cma name]               Sets the mds environment
mcd                             Changes your directory to that of the environment.
mds_setup                       To set up MDS servers
mdsconfig                       Alternative to cpconfig for MDS servers
mdsstat                         To see the processes status
mdsstart_customer [cma name]    To start cma
mdsstop_customer [cma name]     To stop cma
cma_migrate                     To migrate a SmartCenter server to CMA
cmamigrate_assist               If you don't want to go through the pain of tar/zip/ftp and if you wish to enable FTP on the SmartCenter server

VPN

vpn tu                          VPN utility, allows you to rekey vpn
vpn ipafile_check ipassignment.conf detail  Verifies the ipassignment.conf file
dtps lic                        Show desktop policy license status
cpstat -f all polsrv            Show status of the dtps
vpn shell /tunnels/delete/IKE/peer/[peer ip]    Delete IKE SA
vpn shell /tunnels/delete/IPsec/peer/[peerip]   Delete Phase 2 SA
vpn shell /show/tunnels/ike/peer/[peer ip]      Show IKE SA
vpn shell /show/tunnels/ipsec/peer/[peer ip]    Show Phase 2 SA
vpn shell show interface detailed [VTIname]     Show VTI detail

http://www.fir3net.com/Firewalls/Checkpoint/configuring-per-ip-assignment-using-ipassignmentconf-in-checkpoint.html

Debugging

fw ctl zdebug drop              Shows dropped packets in realtime / gives reason for drop

SPLAT Only

router                          Enters router mode for use on Secure Platform Pro for advanced routing options
patch add cd                    Allows you to mount an iso and upgrade your Check Point software (SPLAT Only)
backup                          Allows you to perform a system operating system backup
restore                         Allows you to restore your backup
snapshot                        Performs a system backup which includes all Check Point binaries. Note: This issues a cpstop.

http://www.fir3net.com/UNIX-/-Linux/General-UNIX/unix-how-to-mount-an-iso-image.html

VSX

vsx get [vsys name/id]          Get the current context
vsx set [vsys name/id]          Set your context
fw -vs [vsys id] getifs         Show the interfaces for a virtual device
fw vsx stat -l                  Shows a list of the virtual devices and installed policies
fw vsx stat -v                  Shows a list of the virtual devices and installed policies (verbose)
reset_gw                        Resets the gateway, clearing all previous virtual devices and settings.

Table 1. Useful CP Commands

Command                     Description
cpconfig                    change SIC, licenses and more
cphaprob ldstat             display sync serialization statistics
cphaprob stat               list the state of the high availability cluster members. Should show active and standby devices.
cphaprob syncstat           display sync transport layer statistics
cphastop                    stop a cluster member from passing traffic. Stops synchronization. (emergency only)
cplic print                 license information
cpstart                     start all checkpoint services
cpstat fw                   show policy name, policy install time and interface table
cpstat ha                   high availability state
cpstat os -f all            checkpoint interface table, routing table, version, memory status, cpu load, disk space
cpstat os -f cpu            checkpoint cpu status
cpstat os -f routing        checkpoint routing table
cpstop                      stop all checkpoint services
cpwd_admin monitor_list     list processes actively monitored. Firewall should contain cpd and vpnd.

Table 2. Useful FW Commands

Command                     Description
fw ctl iflist               show interface names
fw ctl pstat                show control kernel memory and connections
fw exportlog -o             export the current log file to ascii
fw fetch                    get the policy from the firewall manager
fw log                      show the content of the connections log
fw log -b                   search the current log for activity between specific times, eg
fw log -c drop              search for dropped packets in the active log; also can use accept or reject to search
fw log -f                   tail the current log
fwm logexport -i -o         export an old log file on the firewall manager
fw logswitch                rotate logs
fw lslogs                   list firewall logs
fw stat                     firewall status, should contain the name of the policy and the relevant interfaces.
fw stat -l                  show which policy is associated with which interface and package drop, accept and reject
fw tab                      displays firewall tables
fw tab -s -t connections    number of connections in state table
fw tab -t xlate -x          clear all translated entries
fw unloadlocal              clear local firewall policy
fw ver                      firewall version

fw monitor -e 'accept (src=10.1.1.1 and dst=20.2.2.2) or (src=20.2.2.2 and dst=10.1.1.1);' -m iIoO -o wireshark.pcap
tcpdump -w capture.pcap -i eth-s1p2c0 host 10.1.1.1 and host 20.2.2.2
tcpdump -nni any host 10.1.1.1 -w capture.pcap
tcpdump -nni any host 10.1.1.1 and host 20.2.2.2 -w capture.pcap
chsh -s /bin/bash admin
scp /var/log/dlp_mon_141113_1.cap [email protected]:/home/admin/
fw monitor -e "src=150.3.18.155 or dst=150.3.18.155, accept;" -o /var/log/fw_mon_141113_155.cap
fw monitor -e "src=150.3.18.155 or dst=150.3.18.155, accept;" -o /var/log/dlp_mon_141113_155.ca
fw monitor -e "src=150.3.18.221 or dst=150.3.18.221, accept;"
[Expert@fw]# fw monitor -e "src=192.168.1.100 or dst=192.168.1.100,accept;"

##FW MONITOR Examples###
fw monitor -e 'accept host(192.168.1.12);'   [Show packets with IP 192.168.1.12 as SRC or DST:]
fw monitor -e 'accept src=192.168.1.12 and dst=192.168.3.3;'   [Show all packets from 192.168.1.12 to 192.168.3.3:]
fw monitor -pi ipopt_strip -e 'accept udpport(53);'   [Show UDP port 53 (DNS) packets, pre-in position is before 'ipopt_strip':]
fw monitor -m O -e 'accept udp and (sport>1023 or dport>1023);'   [Show UDP traffic from or to unprivileged ports, only show post-out]
fw monitor -e 'accept host(192.168.1.12) and tracert;'   [Show Windows traceroute (ICMP, TTL

VARIOUS HEALTH RELATED COMMANDS

Command                                   Description
cpstat os -f cpu                          CPU Usage
cpstat os -f memory                       Memory Usage
show useful-stats                         Memory Usage %
vmstat 2                                  free mem and cpu
fw tab -s -t connections                  Checks current/max connections
fw tab -t fwx_alloc -s                    Shows Translation Table Connections
netstat -i                                Check for interface errors/collisions
ipsctl -a | grep eth-s3p1:errors          detailed interface errors
ps -aux                                   Show processes
cp_conf sic state                         Check SIC
ckp_regedit -p SOFTWARE/CHECKPOINT/SIC    !ckp
grep -i icaip $CPDIR/registry/HKLM_*      find CMA IP
ipsctl -a | grep capabilities             Check Int Capabilities
ipsctl -i                                 Menu with all hardware

CHECK SERIAL NUMBER
cat /var/etc/.nvram
fw ctl zdebug drop | grep 1414

CHECK IF DISKLESS
dmesg | grep flash
system is flash-based, running in diskless mode

REBOOT
sync;sync;reboot

RESTART FWD
#precheck
date; grep ipsrd:instance:default:vrrp:nomonitorfw t /config/active; echo sh vrrp | iclid; netstat -an | grep 257; ps aux | grep fwd; swapinfo;
#restart
$CPDIR/bin/cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd"; sleep 1; ps aux | grep fwd;
$CPDIR/bin/cpwd_admin start -name FWD -path "$FWDIR/bin/fw" -command "fwd"
#post-check
echo sh vrrp | iclid; date; ps aux | grep fwd; netstat -an | grep 257; swapinfo;

SAVE VOYAGER
clish
save config
exit
dbset :save

ROUTES AND ARPPROXY
echo sh route | iclid
clish -s -c "set static-route [route]/[mask] nexthop gateway address [gateway] on"
clish -s -c "add arpproxy address [address] macaddress 0:0:0:0:0:0"
arpproxy is needed when it is part of a directly connected network

clear arp table
clish
delete arpdynamic all
doesn't delete proxy arps

ENABLING INTERFACE & VRRP (Simplified mode)
clish -s -c "set interface eth-s4p1 active on"
clish -s -c "set interface eth-s4p1 link_trap on"
clish -s -c "set interface eth-s4p1 auto-advertise off"
clish -s -c "set interface eth-s4p1c0 enable"
clish -s -c "add interface eth-s4p1c0 address x.x.x.x/xx"
clish -s -c "set interface eth-s4p1 speed 100M duplex full"
clish -s -c "add mcvr vrid backup-address"
save config
exit

BOUNCE INTERFACE (SPLAT)
ifconfig eth-s4p3c0 down
ifconfig eth-s4p3c0 up

BOUNCE INTERFACE (IPSO)
ifdown eth-s4p3c0
ifup eth-s4p3c0

VPN Troubleshooting
Local enc domain
fw tab -t vpn_enc_domain_valid -f -u
Remote enc domain
fw tab -t vpn_routing -f -u | grep 10.1.6014:43

SPLAT
Add Route:
route add -net 123.45.44.0 netmask 255.255.255.0 gw 123.45.56.1
route save
Preferred method is using cos_config, as the save parameter for route may not exist on some systems.

Check Route (SPLAT):
ip route get xx.xx.xx.xx

Proxy Arp on SPLAT
arp -s pub
**NOTE: This should also be added to the startup script /etc/rc.local on both firewalls if this is an HA cluster (remember to use the physical MAC address of the interface you are proxy arping on, not the cluster MAC)
$FWDIR/conf/local.arp

Check to see if device is diskless
ipsctl kern:diskless

Fix IP265 if stuck at #
fsck -fyb 32
mkdir /var/emhome/admin
cp /etc/skel/* /var/emhome/admin

Identify switch
tcpdump -n -i eth-s4p4c2 -s 1500 -w - -c 1 ether dst 1:0:c:cc:cc:cc and greater 75 | strings -3a

CP, FW & FWM
fwm lock_admin -v               View locked admin accounts
fwm dbexport -f user.txt        Used to export users; can also use dbimport
fwm_start                       Starts the management processes
fwm -p                          Print a list of admin users
fwm -a                          Adds an admin
fwm -r                          Delete an administrator

Type = Feature or Extended or Base

Command                  Type              Category               Description
ifconfig                 extended          UNIX                   Networking
netstat                  extended          UNIX                   Networking
top                      extended          UNIX                   Show OS processes
ping                     extended/feature  Networking             Networking
message                  feature           GAIA environment       msg of the day
sysenv                   feature           GAIA environment       cli environment for tabs, lines, columns
domainname               feature           Networking             Networking
interface                feature           Networking             Networking
interfaces               feature           Networking             Networking
route                    feature           Networking             routing
allowed-client           feature           Platform admin         Client that can connect to platform
clock                    feature           Platform admin         time
date                     feature           Platform admin         time
edition                  feature           Platform admin         version of OS
host                     feature           Platform admin         host name
hostname                 feature           Platform admin         host name
hw-monitor               feature           Platform admin         ????
inactivity-timeout       feature           Platform admin         session timeout
lcd                      feature           Platform admin         For appliances, the front panel LCD admin
time                     feature           Platform admin         Time admin
timezone                 feature           Platform admin         Timezone admin
version                  feature           Platform admin         version of system
cd                       feature           UNIX                   change directory
uptime                   feature           UNIX                   how much time has system been up
cat                      extended          UNIX                   print file
clienv                   feature           GAIA environment       GAIA environment
format                   feature           GAIA environment       date, net, time formats
tag                      feature           GAIA environment       cli environment to create comment tags
backup                   feature           Platform admin         backup system
backups                  feature           Platform admin         list backups
backup-scheduled         feature           Platform admin         build backup schedule
selfpasswd               feature           Platform admin         change current password
snapshot                 feature           Platform admin         Take an image of the system
snapshots                feature           Platform admin         Show system images
history                  base              GAIA commands          history of commands
lock                     base              GAIA commands          lock database override to get control of GAIA config database
quit                     base              GAIA commands          exit GAIA
rollback                 base              GAIA commands          rollback a GAIA batch transaction
save                     base              GAIA commands          config or client environment
exit                     base              GAIA environment       exit out of GAIA
expert                   base              GAIA environment       go into SPLAT mode
help                     base              GAIA environment
halt                     base              Platform admin         stop OS
reboot                   base              Platform admin         reboot OS
upgrade cd               base              Platform admin         patch upgrade via cd
upgrade local VALUE      base              Platform admin         upgrades
ver                      base              Platform admin         version of system
fips                     extended          ???                    ???
config_system            extended          GAIA commands          load file to config system
ping6                    extended          Networking             Networking
cpshared_ver             extended          Platform admin         Print out description of cpshared version, doesn't seem to work, only in SPLAT
diag                     extended          Platform admin         Send system diagnostics information to tftp
patch                    extended          Platform admin         install patch
raid_diagnostic          extended          Platform admin         RAID info
raidconfig               extended          Platform admin         RAID info
cp_conf                  extended          Platform Subsystem     cp specific commands
cpca                     extended          Platform Subsystem     certificate authority
cpca_client              extended          Platform Subsystem     certificate authority admin
cpca_create              extended          Platform Subsystem     certificate authority admin
cpca_dbutil              extended          Platform Subsystem     certificate authority admin
cpconfig                 extended          Platform Subsystem     configure platform with cpconfig
cphaprob                 extended          Platform Subsystem     change HA status
cphastart                extended          Platform Subsystem     stop HA
cphastop                 extended          Platform Subsystem     start HA
cpinfo                   extended          Platform Subsystem     generate cpinfo information
cplic                    extended          Platform Subsystem     check license
cpstart                  extended          Platform Subsystem     start firewall
cpstat                   extended          Platform Subsystem     check firewall status
cpstop                   extended          Platform Subsystem     stop firewall
cpwd_admin               extended          Platform Subsystem     watchdog admin for cp processes
dtps                     extended          Platform Subsystem     client VPN policy server admin
etmstart                 extended          Platform Subsystem     qos
etmstop                  extended          Platform Subsystem     qos
fgate                    extended          Platform Subsystem     floodgate
fw                       extended          Platform Subsystem     checkpoint cmds
fwaccel                  extended          Platform Subsystem     checkpoint cmds
fwm                      extended          Platform Subsystem     checkpoint cmds
ips                      extended          Platform Subsystem     Intrusion Prevention System admin
LSMcli                   extended          Platform Subsystem     provisioning
LSMenabler               extended          Platform Subsystem     provisioning
rtm                      extended          Platform Subsystem     SmartMonitor admin
rtmstart                 extended          Platform Subsystem     SmartMonitor admin
rtmstop                  extended          Platform Subsystem     SmartMonitor admin
rtmtopsvc                extended          Platform Subsystem     SmartMonitor admin
sim                      extended          Platform Subsystem     SecureXL admin
SnortConvertor           extended          Platform Subsystem     Convert logs for Snort to read
vpn                      extended          Platform Subsystem     vpn admin
vsx_util                 extended          Platform Subsystem     mgt server vsx admin
traceroute               extended          UNIX                   Unix traceroute
scratchpad               feature           ???                    ???
auditlog                 feature           ????                   ????
ftw                      feature           ????                   ????
logging                  feature           ????                   ????
database                 feature           ?????                  ?????
slot                     feature           ?????                  ?????
aggregate                feature           Dynamic routing admin  Dynamic routing admin
as                       feature           Dynamic routing admin  Dynamic routing admin
bgp                      feature           Dynamic routing admin  Dynamic routing admin
igmp                     feature           Dynamic routing admin  Dynamic routing admin
instance                 feature           Dynamic routing admin  ??????
kernel-routes            feature           Dynamic routing admin  Dynamic routing admin
max-path-splits          feature           Dynamic routing admin  Dynamic routing admin
mcvr                     feature           Dynamic routing admin  Dynamic routing admin
mfc                      feature           Dynamic routing admin  Dynamic routing admin
neighbor                 feature           Dynamic routing admin  Dynamic routing admin
neighbor-entry           feature           Dynamic routing admin  Dynamic routing admin
ospf                     feature           Dynamic routing admin  Dynamic routing admin
pbr                      feature           Dynamic routing admin  policy based routing
pbr-combine-static       feature           Dynamic routing admin  ????
pbr-routing-group        feature           Dynamic routing admin  ????
pim                      feature           Dynamic routing admin  Dynamic routing admin
pppoe                    feature           Dynamic routing admin  Dynamic routing admin
protocol-rank            feature           Dynamic routing admin  Dynamic routing admin
rdisc                    feature           Dynamic routing admin  Dynamic routing admin
rip                      feature           Dynamic routing admin  Dynamic routing admin
routed                   feature           Dynamic routing admin  Dynamic routing admin
route-injection          feature           Dynamic routing admin  ?????
routemap                 feature           Dynamic routing admin  Dynamic routing admin
routemaps                feature           Dynamic routing admin  Dynamic routing admin
router-id                feature           Dynamic routing admin  Dynamic routing admin
router-options           feature           Dynamic routing admin  Dynamic routing admin
show-route-all           feature           Dynamic routing admin  ?????
trace                    feature           Dynamic routing admin  Debug dynamic routing
tracefile                feature           Dynamic routing admin  Debug dynamic routing
command                  feature           GAIA commands          GAIA commands
commands                 feature           GAIA commands          GAIA commands
config                   feature           GAIA commands          GAIA command configuration
config-lock              feature           GAIA commands          get config lock
config-state             feature           GAIA commands          show if commands saved
configuration            feature           GAIA commands          load config file with config commands
extended                 feature           GAIA commands          show extended commands
start                    feature           GAIA commands          start batch GAIA commands
transaction              feature           GAIA commands          batch transactions
arp                      feature           Networking             manual arp
bonding                  feature           Networking             Networking
bootp                    feature           Networking             Networking
bridging                 feature           Networking             Networking
default-route            feature           Networking             Networking
dhcp                     feature           Networking             Networking
dns                      feature           Networking             Networking
interface-group          feature           Networking             ?????
iphelper                 feature           Networking             Networking
ipv6                     feature           Networking             dynamic routing
ipv6-state               feature           Networking             Dynamic routing admin
management               feature           Networking             set mgt interface
net-access               feature           Networking             telnet access
nexthop-selection        feature           Networking             Networking
static6                  feature           Networking             IPV6 static route
static-mroute            feature           Networking             Networking multicast route????
static-route             feature           Networking             routing
aaa-servers              feature           Platform admin         authentication
download                 feature           Platform admin         installing files
expert-password          feature           Platform admin         set expert password
fcd                      feature           Platform admin         set fcd revert - possibly a snapshot revert?
group                    feature           Platform admin         GAIA groups of users
groups                   feature           Platform admin         GAIA groups of users
import                   feature           Platform admin         Install files
inactto                  feature           Platform admin         Install files
install                  feature           Platform admin         Install
installer                feature           Platform admin         Install
installer_mail           feature           Platform admin         Install files
installer_policy         feature           Platform admin         Install files
local                    feature           Platform admin         upgrade
logicalvolume            feature           Platform admin         change volume info???
mail-notification        feature           Platform admin         email notices
maintenance-group        feature           Platform admin         ????
manage-image             feature           Platform admin         ????
mgmtAdmin                feature           Platform admin         ????
mgmt-gui-clients         feature           Platform admin         ????
ntp                      feature           Platform admin         time NTP
password-controls        feature           Platform admin         set password complexity
prod-maintain            feature           Platform admin         ????
rba                      feature           Platform admin         role based admin
revert                   feature           Platform admin         Revert GAIA configuration database back to???
security-access-group    feature           Platform admin         ????
software-updates-group   feature           Platform admin         Update new software
ssmtp                    feature           Platform admin         ????????
stop                     feature           Platform admin         install
system-group             feature           Platform admin         ????
tacacs_enable            feature           Platform admin         Enable TACACS authentication
uninstall                feature           Platform admin         install
upgrade                  feature           Platform admin         install
user                     feature           Platform admin         cli users
users                    feature           Platform admin         cli users
volume                   feature           Platform admin         move space to/from backup volume
web                      feature           Platform admin         WebUI params
adv-vrrp                 feature           Platform Subsystem     VRRP admin
blades                   feature           Platform Subsystem     ????
certificate_authority    feature           Platform Subsystem     Cert admin???
cluster_ha               feature           Platform Subsystem     HA admin????
high-avail-group         feature           Platform Subsystem     HA admin????
license_activation       feature           Platform Subsystem     ????
proxy                    feature           Platform Subsystem     proxy for mail and spam checking
restore_policy           feature           Platform Subsystem     Install
smart-console            feature           Platform Subsystem     ????
snmp                     feature           Platform Subsystem     SNMP admin
sysconfig                feature           Platform Subsystem     CP sysconfig menu
syslog                   feature           Platform Subsystem     set syslog cplogs: off - Do not send syslogs to Check Point's logs; on - Send system syslogs to Check Point's logs
virtual-system           feature           Platform Subsystem     VSX set environment
vpnt                     feature           Platform Subsystem     Vpn config
vrrp                     feature           Platform Subsystem     vrrp failover admin
vrrp6                    feature           Platform Subsystem     Vrrp config
vsx                      feature           Platform Subsystem     webui for vsx
cron                     feature           UNIX                   create batch jobs

Backup

$FWDIR /opt/CPsuite-R77/fw1 Local License, Policy, NAT, Topology gateway (Web GUI system backup )
cd $FWDIR -> /opt/CPsuite-R77/fw1
/opt/CPsuite-R77/fw1/bin/upgrade_tools/upgrade_export [filename]
backup -> Are you sure you want to proceed (y/n) [y]? Y

Restore

/opt/CPsuite-R77/fw1/bin/upgrade_tools/upgrade_import [filename]
restore

MONITOR

fw monitor -e "accept;" -o fwmonitor_dlp1_standby.pcap
-i gateway -I gateway -o gateway -O gateway

TCPDUMP

Capture traffic on eth-s1p1c0 with tcpdump and save it to trace.pcap.
tcpdump -i eth-s1p1c0 -w trace.pcap

The following will show all RIP traffic on the network attached to eth-s1p1c0. RIP runs over UDP port 520.
tcpdump -i eth-s1p1c0 -s 320 -vv udp port 520

The following will show all IGRP traffic on the network connected to eth-s1p1c0.
tcpdump -i eth-s1p1c0 -s 320 -vv proto igrp

The following will show all telnet traffic on the network connected to eth-s1p1c0.
tcpdump -i eth-s1p1c0 tcp port 23

Filtering for a specific host
tcpdump -i interface host X.X.X.X

For example, to capture packets on eth1c0 that are to host 10.2.3.4 and NOT to port 80:
tcpdump -i interface host 10.2.3.4 and not port 80

To capture packets on eth1c0 that are to host 10.2.3.4 or 10.2.3.5:
tcpdump -i interface host 10.2.3.4 or host 10.2.3.5

If your ethernet interfaces are configured with VLANs, and you're using IPSO 3.6 and later, you can filter with tcpdump, based on vlans, by passing "vlan n" as an argument (where n is the VLAN number).
tcpdump -i eth-s1p1c3 vlan 6

To use tcpdump to filter on a virtual (i.e., vlan) interface, use the command
tcpdump -i vlan | grep tcpdump

Limit the size (in bytes) of captured packets (by default, only headers are captured)
tcpdump -s 320 -i eth-s1p1c0

Save the captured traffic into a file (for later deeper analysis in WireShark)
tcpdump -s 1500 -i eth-s1p1c0 -w /var/log/tcpdump_s1p1c0.cap

SCP

-P :
-p : preserve
-r : recursive
-C : Compression

Local Host (Upload)
scp filename host:/home/admin
-> scp ./test.txt 192.168.0.1:/home/admin

Local Host (Download)
scp host:/home/filename /home/admin
-> scp 192.168.0.1:/home/test.txt /home/admin

SCP, ftp. Default Shell Information : bash
chsh -s /bin/bash [ ]
chsh -s /bin/bash admin