Copy of Checkpoint_CLI_summary (autosaved)


  • 8/10/2019 Checkpoint_CLI_summary ( )

    1/30

    cphaprob stat List cluster status

    cphaprob -a if List status of interfaces

    cphaprob syncstat shows the sync status

    cphaprob list Shows a status in list form

    cphastart/stop Stops clustering on the specific node

    cp_conf sic SIC stuff

    cpconfig config util

    cplic print prints the license

    cprestart Restarts all Check Point Services

    cpstart Starts all Check Point Services

    cpstop Stops all Check Point Services

    cpstop -fwflag -proc Stops all checkpoint Services but keeps policy active in kernel

    cpview CPU,

    cpwd_admin list List checkpoint processes

    cplic print Print all the licensing information.

    cpstat -f all polsrv Show VPN Policy Server Stats

    cpstat Shows the status of the firewall

    cpstat -f policy fw

    fw tab -t sam_blocked_ips Block IPS via SmartTracker

    fw tab -t connections -s Show connection stats

    fw tab -t connections -f Show connections with IP instead of HEX

    fw tab -t fwx_alloc -f Show fwx_alloc with IP instead of HEX

    fw tab -t peers_count -s Shows VPN stats

    fw tab -t userc_users -s Shows VPN stats

    fw checklic Check license details

    fw ctl get int [global kernel parameter] Shows the current value of a global kernel parameter

    fw ctl set int [global kernel parameter] [value] Sets the current value of a global kernel parameter. Temporary only; cleared after reboot.

    fw ctl arp Shows arp table

    fw ctl install Install hosts internal interfaces

    fw ctl ip_forwarding Control IP forwarding

    fw ctl pstat System Resource stats

    fw ctl uninstall Uninstall hosts internal interfaces

    fw exportlog -o Export current log file to ascii file

    fw fetch Fetch security policy and install

    fw fetch localhost Installs (on gateway) the last installed policy.

    fw hastat Shows Cluster statistics

    fw lichosts Display protected hosts

    fw log -f Tail the current log file

    fw log -s -e Retrieve logs between times

    fw logswitch Rotate current log file

    fw lslogs Display remote machine log-file list

    fw monitor Packet sniffer

    fw printlic -p Print current Firewall modules

    fw printlic Print current license details

    fw putkey Install authentication key onto host

    fw stat -l Long stat list, shows which policies are installed

    fw stat -s Short stat list, shows which policies are installed

    fw unloadlocal Unload policy

    fw ver -k Returns version, patch info and kernel info

    fwstart Starts the firewall

    fwstop Stop the firewall

    Check Point commands generally come under cp (general), fw (firewall), and fwm (management).

    CP, FW & FWM


    mdsenv [cma name] Sets the mds environment

    mcd Changes your directory to that of the environment.

    mds_setup To setup MDS Servers

    mdsconfig Alternative to cpconfig for MDS servers

    mdsstat To see the processes status

    mdsstart_customer [cma name] To start cma

    mdsstop_customer [cma name] To stop cma

    cma_migrate To migrate a SmartCenter server to CMA

    cmamigrate_assist If you don't want to go through the pain of tar/zip/ftp and if you wish to enable FTP on the SmartCenter server

    vpn tu VPN utility, allows you to rekey vpn

    vpn ipafile_check ipassignment.conf detail Verifies the ipassignment.conf file

    dtps lic show desktop policy license status

    cpstat -f all polsrv show status of the dtps

    vpn shell /tunnels/delete/IKE/peer/[peer ip] delete IKE SA

    vpn shell /tunnels/delete/IPsec/peer/[peerip] delete Phase 2 SA

    vpn shell /show/tunnels/ike/peer/[peer ip] show IKE SA

    vpn shell /show/tunnels/ipsec/peer/[peer ip] show Phase 2 SA

    vpn shell show interface detailed [VTIname] show VTI detail

    fw ctl zdebug drop shows dropped packets in realtime / gives reason for drop

    router Enters router mode for use on Secure Platform Pro for advanced routing options

    patch add cd Allows you to mount an iso and upgrade your checkpoint software (SPLAT Only)

    backup Allows you to perform a system operating system backup

    restore Allows you to restore your backup

    snapshot Performs a system backup which includes all Check Point binaries. Note : This issues a cpstop.

    vsx get [vsys name/id] get the current context

    vsx set [vsys name/id] set your context

    fw -vs [vsys id] getifs show the interfaces for a virtual device

    fw vsx stat -l shows a list of the virtual devices and installed policies

    fw vsx stat -v shows a list of the virtual devices and installed policies (verbose)

    reset_gw resets the gateway, clearing all previous virtual devices and settings.

    VSX

    Provider 1

    Debugging

    SPLAT Only

    VPN

    http://www.fir3net.com/Firewalls/Checkpoint/configuring-per-ip-assignment-using-ipassignmentconf-in-checkpoint.html

    http://www.fir3net.com/UNIX-/-Linux/General-UNIX/unix-how-to-mount-an-iso-image.html


    Useful CP Commands

    Command
    cpconfig
    cphaprob ldstat
    cphaprob stat
    cphaprob syncstat
    cphastop
    cplic print
    cpstart
    cpstat fw
    cpstat ha
    cpstat os -f all
    cpstat os -f cpu
    cpstat os -f routing
    cpstop
    cpwd_admin monitor_list

    Useful FW Commands

    Command
    fw ctl iflist
    fw ctl pstat
    fw exportlog -o
    fw fetch
    fw log
    fw log -b
    fw log -c drop
    fw log -f
    fwm logexport -i -o
    fw logswitch
    fw lslogs
    fw stat
    fw stat -l
    fw tab
    fw tab -s -t connections
    fw tab -t xlate -x
    fw unloadlocal
    fw ver

    VARIOUS HEALTH RELATED COMMANDS

    Table 1. Useful CP Commands

    Table 2. Useful FW Commands


    fw monitor -e 'accept (src=10.1.1.1 and dst=20.2.2.2) or (src=20.2.2.

    tcpdump -w capture.pcap -i eth-s1p2c0 host 10.1.1.1 and host 20.2.

    tcpdump -nni any host 10.1.1.1 -w capture.pcap

    tcpdump -nni any host 10.1.1.1 and host 20.2.2.2 -w capture.pcap

    [Expert@fw]# fw monitor -e "src=192.168.1.100 or dst=192.168.1.100,accept;"

    ##FW MONITOR Examples###

    fw monitor -e 'accept host(192.168.1.12);' [Show packets with IP 192.168.1.12 as SRC or DST]

    fw monitor -e 'accept src=192.168.1.12 and dst=192.168.3.3;' [Show all packets from 192.168.1.12 to 192.168.3.3]

    fw monitor -pi ipopt_strip -e 'accept udpport(53);' [Show UDP port 53 (DNS) packets, pre-in position is before 'ipopt_strip']

    fw monitor -m O -e 'accept udp and (sport>1023 or dport>1023);' [Show UDP traffic from or to unprivileged ports, only show post-out]

    swapinfo


    fw monitor -e 'accept host(192.168.1.12) and tracert;' [Show Windows traceroute (ICMP, TTL


    Description
    change SIC, licenses and more
    display sync serialization statistics
    list the state of the high availability cluster members. Should show active and standby devices.
    display sync transport layer statistics
    stop a cluster member from passing traffic. Stops synchronization. (emergency only)
    license information
    start all checkpoint services
    show policy name, policy install time and interface table
    high availability state
    checkpoint interface table, routing table, version, memory status, cpu load, disk space
    checkpoint cpu status
    checkpoint routing table
    stop all checkpoint services
    list processes actively monitored. Firewall should contain cpd and vpnd.

    Description
    show interface names
    show control kernel memory and connections
    export the current log file to ascii
    get the policy from the firewall manager
    show the content of the connections log
    search the current log for activity between specific times, eg
    search for dropped packets in the active log; also can use accept or reject to search
    tail the current log
    export an old log file on the firewall manager
    rotate logs
    list firewall logs
    firewall status, should contain the name of the policy and the relevant interfaces.
    show which policy is associated with which interface and package drop, accept and reject
    displays firewall tables
    number of connections in state table
    clear all translated entries
    clear local firewall policy
    firewall version


    2 and dst=10.1.1.1);' -m iIoO -o wireshark.pcap

    .2

    chsh -s /bin/bash admin

    scp /var/log/dlp_mon_141113_1.cap [email protected]:/home/admin/

    fw monitor -e "src=150.3.18.155 or dst=150.3.18.155, accept;" -o /var/log/fw_mon_141113_155.cap

    fw monitor -e "src=150.3.18.155 or dst=150.3.18.155, accept;" -o /var/log/dlp_mon_141113_155.ca

    fw monitor -e "src=150.3.18.221 or dst=150.3.18.221, accept;"


    fw monitor -e "src=150.3.18.221 or dst=150.3.18.221, accept;"

    fw monitor -e "src=150.3.18.155 or dst=150.3.18.155, accept;"

    fw monitor -e "src=150.3.18.155 or dst=150.3.18.155, accept;"


    VARIOUS HEALTH RELATED COMMANDS

    Command

    cpstat os -f cpu
    cpstat os -f memory
    show useful-stats
    vmstat 2
    fw tab -s -t connections
    fw tab -t fwx_alloc -s
    netstat -i
    ipsctl -a | grep eth-s3p1:errors
    ps -aux
    cp_conf sic state
    ckp_regedit -p SOFTWARE/CHECKPOINT/SIC
    grep -i icaip $CPDIR/registry/HKLM_*
    ipsctl -a | grep capabilities
    ipsctl -i

    CHECK SERIAL NUMBER

    cat /var/etc/.nvram
    fw ctl zdebug drop | grep 1414

    CHECK IF DISKLESS
    dmesg | grep flash
    system is flash-based, running in diskless mode

    REBOOT
    sync;sync;reboot

    RESTART FWD
    #precheck
    date; grep ipsrd:instance:default:vrrp:nomonitorfw t /config/active; echo sh vrrp | iclid; netstat -an | grep 257; ps aux | grep fwd; swapinfo;
    #restart
    $CPDIR/bin/cpwd_admin stop -name FWD -path "$FWDIR/bin/fw" -command "fw kill fwd"; sleep 1; ps aux | grep fwd;
    $CPDIR/bin/cpwd_admin start -name FWD -path "$FWDIR/bin/fw" -command "fwd"
    #post-check
    echo sh vrrp | iclid; date; ps aux | grep fwd; netstat -an | grep 257; swapinfo;

    SAVE VOYAGER
    clish
    save config
    exit
    dbset :save

    ROUTES AND ARPPROXY
    echo sh route | iclid
    clish -s -c "set static-route [route]/[mask] nexthop gateway address [gateway] on"
    clish -s -c "add arpproxy address [address] macaddress 0:0:0:0:0:0"
    arpproxy is needed when it is part of a directly connected network

    clear arp table
    clish

    swapinfo

    clish


    delete arpdynamic all
    doesn't delete proxy arps

    ENABLING INTERFACE & VRRP (Simplified mode)
    clish -s -c "set interface eth-s4p1 active on"
    clish -s -c "set interface eth-s4p1 link_trap on"
    clish -s -c "set interface eth-s4p1 auto-advertise off"
    clish -s -c "set interface eth-s4p1c0 enable"
    clish -s -c "add interface eth-s4p1c0 address x.x.x.x/xx"
    clish -s -c "set interface eth-s4p1 speed 100M duplex full"
    clish -s -c "add mcvr vrid backup-address"
    save config
    exit

    BOUNCE INTERFACE (SPLAT)
    ifconfig eth-s4p3c0 down
    ifconfig eth-s4p3c0 up

    BOUNCE INTERFACE (IPSO)
    ifdown eth-s4p3c0
    ifup eth-s4p3c0

    VPN Troubleshooting
    Local enc domain
    fw tab -t vpn_enc_domain_valid -f -u
    Remote enc domain
    fw tab -t vpn_routing -f -u | grep 10.1.6014:43

    SPLAT
    Add Route:
    route add -net 123.45.44.0 netmask 255.255.255.0 gw 123.45.56.1
    route save
    Preferred method is using cos_config as the save parameter for route may not exist on some systems.

    Check Route (SPLAT):
    ip route get xx.xx.xx.xx

    Proxy Arp on SPLAT
    arp -s pub
    **NOTE: This should also be added to the startup script /etc/rc.local on both firewalls if this is an HA cluster (remember to use the physical mac address of the interface you are proxy arping on, not the cluster mac)
    $FWDIR/conf/local.arp

    Check to see if device is diskless
    ipsctl kern:diskless

    Fix IP265 if stuck at #
    fsck -fyb 32
    mkdir /var/emhome/admin
    cp /etc/skel/* /var/emhome/admin

    Identify switch
    tcpdump -n -i eth-s4p4c2 -s 1500 -w - -c 1 ether dst 1:0:c:cc:cc:cc and greater 75 | strings -3a


    Description

    ** CPU Usage **
    ** Memory Usage **
    ** Memory Usage %
    ** free mem and cpu **
    ** Checks current/max connections **
    ** Shows Translation Table Connections**
    ** Check for interface errors/collisions **
    ** detailed interface errors **
    ** Show processes **
    ** Check SIC **
    **!ckp**
    **find CMA IP**
    **Check Int Capabilities**
    Menu with all hardware**


    fwm lock_admin -v View locked admin accounts
    fwm dbexport -f user.txt used to export users , can also use dbimport
    fwm_start starts the management processes
    fwm -p Print a list of Admin users
    fwm -a Adds an Admin
    fwm -r Delete an administrator


    Feature or Extended or Base category

    ifconfig extended UNIX
    netstat extended UNIX
    top extended UNIX
    ping extended/feature Networking
    message feature GAIA environment
    sysenv feature GAIA environment
    domainname feature Networking
    interface feature Networking
    interfaces feature Networking
    route feature Networking
    allowed-client feature Platform admin
    clock feature Platform admin
    date feature Platform admin
    edition feature Platform admin
    host feature Platform admin
    hostname feature Platform admin
    hw-monitor feature Platform admin
    inactivity-timeout feature Platform admin
    lcd feature Platform admin
    time feature Platform admin
    timezone feature Platform admin
    version feature Platform admin
    cd feature UNIX
    uptime feature UNIX
    cat extended UNIX
    clienv feature GAIA environment
    format feature GAIA environment
    tag feature GAIA environment
    backup feature Platform admin
    backups feature Platform admin
    backup-scheduled feature Platform admin
    selfpasswd feature Platform admin
    snapshot feature Platform admin
    snapshots feature Platform admin
    history base GAIA commands
    lock base GAIA commands
    quit base GAIA commands
    rollback base GAIA commands
    save base GAIA commands
    exit base GAIA environment
    expert base GAIA environment

    Expert


    help base GAIA environment
    halt base Platform admin
    reboot base Platform admin
    upgrade cd base Platform admin
    upgrade local VALUE base Platform admin
    ver base Platform admin
    fips extended ???
    config_system extended GAIA commands
    ping6 extended Networking
    cpshared_ver extended Platform admin
    diag extended Platform admin
    patch extended Platform admin
    raid_diagnostic extended Platform admin
    raidconfig extended Platform admin
    cp_conf extended Platform Subsystem
    cpca extended Platform Subsystem
    cpca_client extended Platform Subsystem
    cpca_create extended Platform Subsystem
    cpca_dbutil extended Platform Subsystem
    cpconfig extended Platform Subsystem
    cphaprob extended Platform Subsystem
    cphastart extended Platform Subsystem
    cphastop extended Platform Subsystem
    cpinfo extended Platform Subsystem
    cplic extended Platform Subsystem
    cpstart extended Platform Subsystem
    cpstat extended Platform Subsystem
    cpstop extended Platform Subsystem
    cpwd_admin extended Platform Subsystem
    dtps extended Platform Subsystem
    etmstart extended Platform Subsystem
    etmstop extended Platform Subsystem
    fgate extended Platform Subsystem
    fw extended Platform Subsystem
    fwaccel extended Platform Subsystem
    fwm extended Platform Subsystem
    ips extended Platform Subsystem
    LSMcli extended Platform Subsystem
    LSMenabler extended Platform Subsystem
    rtm extended Platform Subsystem
    rtmstart extended Platform Subsystem
    rtmstop extended Platform Subsystem
    rtmtopsvc extended Platform Subsystem
    sim extended Platform Subsystem
    SnortConvertor extended Platform Subsystem
    vpn extended Platform Subsystem
    vsx_util extended Platform Subsystem


    traceroute extended UNIX

    scratchpad feature ???

    auditlog feature ????

    ftw feature ????

    logging feature ????

    database feature ?????

    slot feature ?????

    aggregate feature Dynamic routing admin

    as feature Dynamic routing admin

    bgp feature Dynamic routing admin

    igmp feature Dynamic routing admin

    instance feature Dynamic routing admin

    kernel-routes feature Dynamic routing admin

    max-path-splits feature Dynamic routing admin

    mcvr feature Dynamic routing admin

    mfc feature Dynamic routing admin

    neighbor feature Dynamic routing admin

    neighbor-entry feature Dynamic routing admin

    ospf feature Dynamic routing admin

    pbr feature Dynamic routing admin

    pbr-combine-static feature Dynamic routing admin

    pbr-routing-group feature Dynamic routing admin

    pim feature Dynamic routing admin

    pppoe feature Dynamic routing admin

    protocol-rank feature Dynamic routing admin

    rdisc feature Dynamic routing admin

    rip feature Dynamic routing admin

    routed feature Dynamic routing admin


    route-injection feature Dynamic routing admin

    routemap feature Dynamic routing admin

    routemaps feature Dynamic routing admin

    router-id feature Dynamic routing admin

    router-options feature Dynamic routing admin

    show-route-all feature Dynamic routing admin

    trace feature Dynamic routing admin

    tracefile feature Dynamic routing admin
    command feature GAIA commands
    commands feature GAIA commands
    config feature GAIA commands
    config-lock feature GAIA commands
    config-state feature GAIA commands
    configuration feature GAIA commands
    extended feature GAIA commands
    start feature GAIA commands
    transaction feature GAIA commands
    arp feature Networking
    bonding feature Networking
    bootp feature Networking
    bridging feature Networking
    default-route feature Networking
    dhcp feature Networking
    dns feature Networking
    interface-group feature Networking
    iphelper feature Networking
    ipv6 feature Networking
    ipv6-state feature Networking
    management feature Networking
    net-access feature Networking
    nexthop-selection feature Networking
    static6 feature Networking
    static-mroute feature Networking
    static-route feature Networking
    aaa-servers feature Platform admin
    download feature Platform admin
    expert-password feature Platform admin
    fcd feature Platform admin
    group feature Platform admin
    groups feature Platform admin
    import feature Platform admin


    inactto feature Platform admin
    install feature Platform admin
    installer feature Platform admin
    installer_mail feature Platform admin
    installer_policy feature Platform admin
    local feature Platform admin
    logicalvolume feature Platform admin
    mail-notification feature Platform admin
    maintenance-group feature Platform admin
    manage-image feature Platform admin
    mgmtAdmin feature Platform admin
    mgmt-gui-clients feature Platform admin
    ntp feature Platform admin
    password-controls feature Platform admin
    prod-maintain feature Platform admin
    rba feature Platform admin
    revert feature Platform admin
    security-access-group feature Platform admin
    software-updates-group feature Platform admin
    ssmtp feature Platform admin
    stop feature Platform admin
    system-group feature Platform admin
    tacacs_enable feature Platform admin
    uninstall feature Platform admin
    upgrade feature Platform admin
    user feature Platform admin
    users feature Platform admin
    volume feature Platform admin
    web feature Platform admin
    adv-vrrp feature Platform Subsystem
    blades feature Platform Subsystem
    certificate_authority feature Platform Subsystem
    cluster_ha feature Platform Subsystem
    high-avail-group feature Platform Subsystem
    license_activation feature Platform Subsystem
    proxy feature Platform Subsystem
    restore_policy feature Platform Subsystem
    smart-console feature Platform Subsystem
    snmp feature Platform Subsystem
    sysconfig feature Platform Subsystem
    syslog feature Platform Subsystem
    virtual-system feature Platform Subsystem
    vpnt feature Platform Subsystem
    vrrp feature Platform Subsystem


    vrrp6 feature Platform Subsystem
    vsx feature Platform Subsystem
    cron feature UNIX


    Description
    Networking
    Networking
    Show OS processes
    Networking
    msg of the day
    cli environment for tabs, lines, columns
    Networking
    Networking
    Networking
    routing
    Client that can connect to platform
    time
    time
    version of OS
    host name
    host name
    ????
    session timeout
    For appliances, the front panel LCD admin
    Time admin
    Timezone admin
    version of system
    change directory
    how much time has system been up
    print file
    GAIA environment
    date, net,tim formats
    cli environment to create comment tags
    backup system
    list backups
    build backup schedule
    change current password
    Take an image of the system
    Show system images
    history of commands
    lock database override to get control of GAIA config database
    exit GAIA
    rollback a GAIA batch transaction
    config or client environment
    exit out of GAIA
    go into SPLAT mode


    stop OS
    reboot OS
    patch upgrade via cd
    upgrades
    version of system
    ???
    load file to config system
    Networking
    Print out description of cpshared version, doesn't seem to work, only in SPLAT
    Send system diagnostics information to tftp
    install patch
    RAID info
    RAID info
    cp specific commands
    certificate authority
    certificate authority admin
    certificate authority admin
    certificate authority admin
    configure platform with cpconfig
    change HA status
    stop HA
    start HA
    generate cpinfo information
    check license
    start firewall
    check firewall status
    stop firewall
    watchdog admin for cp processes
    client VPN policy server admin
    qos
    qos
    floodgate
    checkpoint cmds
    checkpoint cmds
    checkpoint cmds
    Intrusion Prevention System admin
    provisioning
    provisioning
    SmartMonitor admin
    SmartMonitor admin
    SmartMonitor admin
    SmartMonitor admin
    SecureXL admin
    Convert logs for Snort to read
    vpn admin
    mgt server vsx admin


    Unix traceroute

    ??????????????????????????

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin

    ??????

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin

    policy based routing

    ????

    ????

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin


    ?????

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin

    Dynamic routing admin

    ?????

    Debug dynamic routing

    Debug dynamic routing
    GAIA commands
    GAIA commands
    GAIA command configuration
    get config lock
    show if commands saved
    load config file with config commands
    show extended commands
    start batch GAIA commands
    batch transactions
    manual arp
    Networking
    Networking
    Networking
    Networking
    Networking
    Networking
    ?????
    Networking
    dynamic routing
    Dynamic routing admin
    set mgt interface
    telnet access
    Networking
    IPV6 static rout
    Networking multicast route
    ????
    routing
    authentication
    installing files
    set expert password
    set fcd revert - possibly a snapshot rever?
    GAIA groups of users
    GAIA groups of users
    Install files


    Install files
    Install
    Install
    Install files
    Install files
    upgrade
    change volume info
    ???
    email notices
    ???????????????
    time NTP
    set password complexity
    ????
    role based admin
    Revert GAIA configuration database back to
    ???
    ????
    Update new software
    ????????
    install
    ????
    Enable TACAS authentication
    install
    install
    cli users
    cli users
    move space to/from backup volume
    WebUI params
    VRRP admin
    ????
    Cert admin
    ???
    HA admin
    ????
    HA admin
    ????????
    proxy for mail and spam checking
    Install
    ????
    SNMP admin
    CP sysconfig menu
    set syslog cplogs
    off - Do not send syslogs to Check Point's logs
    on - Send system syslogs to Check Point's logs
    VSX set environment
    Vpn config
    vrrp failover admin


    Vrrp config
    webui for vsx
    create batch jobs


    -P :
    -p : preserve , , .
    -r : recursive / .
    -C : Compression

    cd $FWDIR -> /opt/CPsuite-R77/fw1
    /opt/CPsuite-R77/fw1/bin/upgrade_tools/upgrade_export [filename]
    backup-> Are you sure you want to proceed (y/n) [y]? Y

    /opt/CPsuite-R77/fw1/bin/upgrade_tools/upgrade_import [filename]
    restore

    fw monitor -e "accept;" -o fwmonitor_dlp1_standby.pcap
    -i gateway -I gateway -o gateway -O gateway

    tcpdump -i eth-s1p1c0 -w trace.pcap
    tcpdump -i eth-s1p1c0 -s 320 -vv udp port 520
    tcpdump -i eth-s1p1c0 -s 320 -vv proto igrp
    tcpdump -i eth-s1p1c0 tcp port 23
    tcpdump -i interface host X.X.X.X
    tcpdump -i interface host 10.2.3.4 and not port 80
    tcpdump -i interface host 10.2.3.4 or host 10.2.3.5
    tcpdump -i eth-s1p1c3 vlan 6
    tcpdump -i vlan | grep tcpdump
    tcpdump -s 320 -i eth-s1p1c0
    tcpdump -s 1500 -i eth-s1p1c0 -w /var/log/tcpdump_s1p1c0.cap

    bash

    F

    Command

    Command

    scp host:/home/filename /home/admin
    -> scp 192.168.0.1:/home/test.txt /home/admin

    Command

    scp filename host:/home/admin
    -> scp ./test.txt 192.168.0.1:/home/admin

    Command

    Command

    Command
    chsh -s /bin/bash [ ]
    chsh -s /bin/bash admin


    SCP, ftp .

    Default Shell Information : bash

    Local Host (Upload)

    Local Host (Download)

    $FWDIR /opt/CPsuite-R77/fw1 Local License, Policy, NAT, Topology gateway (Web GUI system backup )

    tcpdump

    tcpdump eth-s1p1c0 trace.pcap .
    The following will show all RIP traffic on the network attached to eth-s1p1c0. RIP runs over UDP port 520
    The following will show all IGRP traffic on the network connected to eth-s1p1c0.
    The following will show all telnet traffic on the network connected to eth-s1p1c0.
    Filtering for a specific host
    For example, to capture packets on eth1c0 that are to host 10.2.3.4 and NOT to port 80
    To capture packets on eth1c0 that are to host 10.2.3.4 or 10.3.2.5:
    If your ethernet interfaces are configured with VLANs, and you're using IPSO 3.6 and later, you can filter with tcpdump, based on vlans, by passing "vlan n" as an argument (where n is the VLAN number).
    To use tcpdump to filter on a virtual (i.e., vlan) interface, use the command
    Limit the size (in bytes) of captured packets (by default, only headers are captured)
    Save the captured traffic into a file (for later deeper analysis in WireShark)

    MONITOR

    CPDUMP

    Backup

    Restore

    SCP