
cphaprob stat
    List cluster status
cphaprob -a if
    List status of interfaces
cphaprob syncstat
    Shows the sync status
cphaprob list
    Shows a status in list form
cphastart/stop
    Stops clustering on the specific node
cp_conf sic
    SIC stuff
cpconfig
    Config util
cplic print
    Prints the license
cprestart
    Restarts all Check Point services
cpstart
    Starts all Check Point services
cpstop
    Stops all Check Point services
cpstop -fwflag -proc
    Stops all Check Point services but keeps policy active in kernel
cpwd_admin list
    List Check Point processes
cplic print
    Print all the licensing information.
cpstat -f all polsrv
    Show VPN Policy Server stats
cpstat
    Shows the status of the firewall

fw tab -t sam_blocked_ips
    Block IPs via SmartTracker
fw tab -t connections -s
    Show connection stats
fw tab -t connections -f
    Show connections with IP instead of HEX
fw tab -t fwx_alloc -f
    Show fwx_alloc with IP instead of HEX
fw tab -t peers_count -s
    Shows VPN stats
fw tab -t userc_users -s
    Shows VPN stats
fw checklic
    Check license details
fw ctl get int [global kernel parameter]
    Shows the current value of a global kernel parameter
fw ctl set int [global kernel parameter] [value]
    Sets the current value of a global kernel parameter. Only temporary; cleared after reboot.
fw ctl arp
    Shows ARP table
fw ctl install
    Install hosts internal interfaces
fw ctl ip_forwarding
    Control IP forwarding
fw ctl pstat
    System resource stats
fw ctl uninstall
    Uninstall hosts internal interfaces
fw exportlog .o
    Export current log file to ASCII file
fw fetch
    Fetch security policy and install
fw fetch localhost
    Installs (on gateway) the last installed policy.
fw hastat
    Shows cluster statistics
fw lichosts
    Display protected hosts
fw log -f
    Tail the current log file
fw log -s -e
    Retrieve logs between times
fw logswitch
    Rotate current log file
fw lslogs
    Display remote machine log-file list
fw monitor
    Packet sniffer
fw printlic -p
    Print current firewall modules
fw printlic
    Print current license details
fw putkey
    Install authentication key onto host
fw stat -l
    Long stat list, shows which policies are installed
fw stat -s
    Short stat list, shows which policies are installed
fw unloadlocal
    Unload policy
fw ver -k
    Returns version, patch info and kernel info
fwstart
    Starts the firewall
fwstop
    Stop the firewall

fwm lock_admin -v
    View locked admin accounts
fwm dbexport -f user.txt
    Used to export users; can also use dbimport
fwm_start
    Starts the management processes
fwm -p
    Print a list of admin users
fwm -a
    Adds an admin
fwm -r
    Delete an administrator

PROVIDER 1

mdsenv [cma name]
    Sets the MDS environment
mcd
    Changes your directory to that of the environment.
mds_setup
    To set up MDS servers
mdsconfig
    Alternative to cpconfig for MDS servers
mdsstat
    To see the processes status
mdsstart_customer [cma name]
    To start CMA
mdsstop_customer [cma name]
    To stop CMA
cma_migrate
    To migrate a Smart Center server to CMA
cmamigrate_assist
    If you don't want to go through the pain of tar/zip/ftp and if you wish to enable FTP on Smart Center server

VPN

vpn tu
    VPN utility, allows you to rekey VPN
vpn ipafile_check ipassignment.conf detail
    Verifies the ipassignment.conf file
dtps lic
    Show desktop policy license status
cpstat -f all polsrv
    Show status of the dtps
vpn shell /tunnels/delete/IKE/peer/[peer ip]
    Delete IKE SA
vpn shell /tunnels/delete/IPsec/peer/[peer ip]
    Delete Phase 2 SA
vpn shell /show/tunnels/ike/peer/[peer ip]
    Show IKE SA
vpn shell /show/tunnels/ipsec/peer/[peer ip]
    Show Phase 2 SA
vpn shell show interface detailed [VTI name]
    Show VTI detail

DEBUGGING

fw ctl zdebug drop
    Shows dropped packets in real time / gives reason for drop

Firewall Commands

fw ver
    Show firewall version
vpn macutil
    Generate MAC address for users. This can be used to fix an IP in DHCP server.
cpstat polsrv -f all
    Show the connected and the licensed users
cpstat fw -f http, ftp, telnet, rlogin, smtp, pop3
    Check protocol states.
fw stat
    Show policy name and the interfaces that have already seen any traffic.
fw stat -long
    Shows the policy and the stats for the policy
cpstat os -f cpu -o 3
    Monitor CPU state every 3 seconds
cpstat useful parameters:
    -o  Polling interval (seconds), specifies the pace of the results. Default is 0, meaning the results are shown only once.
    -c  Specifies how many times the results are shown. Default is 0, meaning the results are repeatedly shown.
cpstat os
    Show SVN Foundation and OS version
cpstat fw -f all
    Product, policy and status information
cpstat fw -f policy
    Show installed policy name
fw tab -t connections -s
    Show active connections
fw fetch
    Install policy from MGM server
cplic print
    Print licenses
fwha_mac_magic
    Connecting multiple clusters to the same network segment (same VLAN, same switch), sk25977
cp_conf sic state
    SIC test on the firewall
cp_conf sic init <Activation Key> [norestart]
    SIC reset on the firewall
fw ctl zdebug drop | grep 1.1.1.1
    Check dropped packets on the firewall for host 1.1.1.1

Table 3. Sniffer on the Firewall

fw monitor -m iIoO -e "accept (src=IP_S and dst=IP_D) or (src=IP_D and dst=IP_S);"
    Monitor traffic between host with IP IP_S and host with IP IP_D
fw monitor -m iIoO -e "accept (src=IP_S and dst=IP_D) or (src=IP_D and dst=IP_S);" -ow monitor_cat.cap
    Not just monitor but save as capture to a file
fw monitor -m iIoO -e "accept (src=IP_S and dst=IP_D) or (src=IP_D and dst=IP_S);" -p all -a -o Datei.cap
    Not just monitor but save capture to a file + deeper debug
fw monitor -m iIoO -e "accept (sport=5200 or sport=5100 or sport=5000);"
    Monitor traffic on the source port 5200, 5100 or 5000

Table 4. Remote Access and S2S VPN commands

vpn tu
    VPN tunnel util, for VPN checking, delete
fw tab -t inbound_SPI -f
    List SPI and users (external IP, office mode IP, username, DN of a user in case of certificate auth)
fw tab -t om_assigned_ips -f
    List users and assigned Office Mode IPs
fw tab -t marcipan_ippool_users -f
    List Office Mode used IPs
fw tab -t om_assigned_ips -f -m 2000 | awk '{print $7,$11}' | grep -v ^
    Lists Office Mode IPs for 2000 users (use -u for unlimited number)
fw tab -t marcipan_ippool_users -x
    Used to manually clear the Office Mode connections table on the gateway
vpn debug trunc
    Initiates both VPN debug and IKE debug
vpn debug on TDERROR_ALL_ALL=5
    Initiates VPN debug on the level of detail provided by TDERROR_ALL_ALL=5. Output file is $FWDIR/log/vpnd.elg
vpn debug ikeon
    Initiates VPN IKE debug. Output file is $FWDIR/log/ike.elg
vpn debug mon
    Writes IKE traffic unencrypted to a file. The output file is ikemonitor.snoop. In this output file, all the IKE payloads are in clear
vpn debug ikeoff
    Stops IKE debug. Get ikeviewer to check the IKE traffic and log.
vpn debug off
    Stops VPN debug
vpn debug moff
    Stops IKE sniffer
vpn export_p12 -obj <objectname> -cert <certificatename> -file <filename> -passwd <passw>
Example:
vpn export_p12 -obj Office_GW -cert defaultCert -file office_cert.p12 -passwd mypassword
    Export a certificate using the Security Management server. The certificate object is the certificate nickname from the GUI.

Table 5. Clustering commands

cphaprob list
    Show processes monitored by HA
cpstat fw -f sync
    Show counters for sync traffic
cphaprob state
    Show cluster mode and status
cpstat ha -f all
    Show HA process and HA IP status
fw ctl pstat
    Show memory, kernel stacks, connections, fragments, SYNC status
cphaprob -a if
    Show sync interface(s) and HA IP(s)
cphaprob syncstat
    Show sync statistics
fw hastat
    Show HA stat ONLY by ClusterXL! Not with VRRP

Table 6. General commands

ps -aux
    Report all active processes in the kernel IPSO
kill -9 prozessid
    Stop a process
dmesg
    Show boot logs
vmstat 5 5
    Show memory, CPU usage
ifconfig bge1:xx down
    Set virtual interface on Provider1 down
fsck
    File system check

Table 7. Administrate CMA/MDS processes

mdsstop_customer
    Stop a CMA
mdsstart_customer
    Start a CMA
mdsstat
    Shows MDS and CMA status
mdsstop
    Stops all CMAs and server processes
mdsstart
    Start all CMAs and server processes
mdsenv CMANAME
    Change the environment to selected CMA
echo $FWDIR
    This displays the correct path for the CMA.
cpstat mg
    Check the connected clients (with Provider1 in the CMA level: mdsenv <CMA-IP>)
fwm -a
    Change admin password (or cpconfig delete admin and add admin)
fwm dbload
    Install database
watch -d cpstat os -f cpu
    Monitor CPU state with watch

Table 8. Searching for objects
What you cannot find with cross CMA search

cd $FWDIR/conf
grep subdomain objects.C | grep -v Name | awk '{print $2}' | grep "^(" | sed -e 's/(//'
    Searching all objects with subdomain subdomain in their name
cd $FWDIR/conf
grep subdomain /opt/CPmds-R65/customers/*/CPsuite-R65/fw1/conf/objects.C | grep -v Name | awk '{print $1, $3}' | grep "(" | sed -e 's/(//'
    Searching all objects in all firewalls (in MDS) with subdomain subdomain in their name
grep "2.2.2.2\|3.3.3.3" /opt/CPmds-R65/customers/*/CPsuite-R65/fw1/conf/objects_5_0.C
    Find the 2 IP addresses in the firewall configs
grep hostimiss.com /opt/CPmds-R65/customers/*/CPsuite-R65/fw1/conf/rulebases_5_0.fws
    Find the hostname in the firewall rulebase configs

Table 9. Archive commands

tar tfv [ARCHIVNAME].tar
    Show the content of an archive
tar cfvz [ARCHIVNAME].tar.gz [VERZEICHNIS1] [DATEI1]
    Archive files
tar xfvz [ARCHIVNAME].tar.gz
    Open archive

SCP command

scp root@provider1:/opt/CPmds-R65/customers/cma1/CPsuite-R65/fw1/conf/objects_5_0.C .
    Copy the objects_5_0.C file to the local folder from where the command was issued
