Checkpoint Firewall

This document provides summaries of commands for configuring, monitoring, and troubleshooting Check Point firewalls and VPNs. It includes commands for viewing status information, logs, interfaces, policies, and more. Sections cover commands for cpconfig, cphaprob, firewall monitoring and management, VPN management, Provider 1 tools, and Gaia configuration via Clish.

Uploaded by Pravesh Kumar

cpconfig change SIC, licenses and more

cpview -t show top style performance counters

cphaprob stat list the state of the high availability cluster members. In an HA cluster exactly one member should be Active and the rest Standby.

cphaprob -a if display status of monitored interfaces in a cluster

cphaprob -l list display registered cluster devices and status

cphaprob syncstat display sync transport layer statistics

cphaprob ldstat display sync serialization statistics

cphastop stop a cluster member from passing traffic. Stops synchronization. (emergency only)

clusterXL_admin down -p disable this node from cluster membership (-p keeps the state across reboot; clusterXL_admin up re-enables it)

cphaconf cluster_id get get cluster Global ID membership

cplic print license information

cpstart start all checkpoint services

cpstat fw show policy name, policy install time and interface table

cpstat ha high availability state

cpstat blades top rule hits and amount of connections

cpstat os -f all checkpoint interface table, routing table, version, memory status, cpu load, disk space

cpstat os -f cpu checkpoint cpu status

cpstat os -f multi_cpu checkpoint cpu load distribution

cpstat os -f sensors hardware environment (temperature/fan/voltage)

cpstat os -f routing checkpoint routing table


cpstop stop all checkpoint services

cpwd_admin monitor_list list processes actively monitored. Firewall should contain cpd and vpnd.

show asset all show serial numbers and hardware info

show route destination xx.xx.xx.xx show routing for a specific host (clish)

ip route get xx.xx.xx.xx show routing for a specific host (expert shell)

iclid, then show cluster state show cluster fail over history
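The cluster commands above tell you the state of each member, but on-call staff usually want a single pass/fail answer. The following script is an added example (not part of the original cheat sheet) that turns `cphaprob stat` output into that answer: it parses the member rows, tolerates the extra ID/Name columns newer releases print, and fails when there is not exactly one Active member with every other member Standby. The sample output it reads is constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet: turn the output of
# `cphaprob stat` into a pass/fail cluster health check. On a member:
#   cphaprob stat | cluster_summary
# A constructed sample of the command's output (older column layout; R80+
# prints extra ID/Name columns, which the field scan below tolerates) is
# embedded so the check can be exercised offline.

SAMPLE_CPHAPROB_STAT='Cluster Mode:   High Availability (Active Up) with IGMP Membership

Number     Unique Address  Assigned Load   State

1 (local)  192.168.100.1   100%            Active
2          192.168.100.2   0%              Standby
'

# cluster_summary: read cphaprob stat output on stdin, print one line per
# member, and exit 0 only when exactly one member is Active and every other
# member is Standby. Down, Ready, Init or "Active Attention" members, or two
# Active members (split brain), make it exit 1.
cluster_summary() {
    awk '
        # Member rows start with the member number; "(local)" may follow it.
        $1 ~ /^[0-9]+$/ {
            state = "Unknown"
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^(Active|Standby|Down|Ready|Init)$/) {
                    state = $i
                    if (state == "Active" && $(i + 1) == "Attention")
                        state = "Active-Attention"
                    break
                }
            }
            printf "member %s %s\n", $1, state
            members++
            if (state == "Active") active++
            else if (state != "Standby") unhealthy++
        }
        END {
            if (members == 0) { print "no members parsed"; exit 2 }
            if (active != 1 || unhealthy > 0) {
                printf "UNHEALTHY: %d active, %d unhealthy of %d members\n", active, unhealthy, members
                exit 1
            }
            printf "OK: %d active, %d unhealthy of %d members\n", active, unhealthy, members
        }'
}

# Run the check against the embedded sample.
check_sample() {
    printf '%s' "$SAMPLE_CPHAPROB_STAT" | cluster_summary
}

check_sample
```

Pair it with `cphaprob -a if` when it reports UNHEALTHY: a member that shows Down or Ready is usually caused by a monitored interface or critical device, which that command names.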

Useful FW Commands

Command Description

fw ver firewall version

fw ctl iflist show interface names

fw ctl pstat show control kernel memory and connections

fwaccel stat show SecureXL status

fw fetch <manager IP> get the policy from the firewall manager

fwm load <policy name> <gateway name> compile and install a policy on the target’s gateways.

fw getifs list interfaces and IP addresses

fw log show the content of the connections log

fw log -b "MMM DD, YYYY HH:MM:SS" "MMM DD, YYYY HH:MM:SS" search the current log for activity between specific times

fw log -c drop search for dropped packets in the active log; accept or reject can also be used

fw log -f tail the current log

fwm logexport -i <log name> -o <output name> -n -p export an old log file on the firewall manager

fw logswitch rotate logs

fw lslogs list firewall logs

fw stat firewall status, should contain the name of the policy and the relevant interfaces.

fw stat -l show which policy is associated with which interface and the packet drop, accept and reject counts

fw tab displays firewall tables

fw tab -s -t connections number of connections in state table

fw tab -s -t userc_users number of remote users connected (VPN)

fw tab -t xlate -x clear all translated entries

fw unloadlocal clear local firewall policy

fw monitor -e "accept host(10.1.1.10);" trace the packet flow to/from the specified host

fw ctl zdebug + drop | grep 'x.x.x.x\|y.y.y.y' check why a packet is being dropped (kernel debug output; run only briefly on a busy gateway)
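`fw log -c drop` answers "what is being dropped", but on a busy gateway the raw listing is thousands of lines. The script below is an added example (not part of the original cheat sheet) that aggregates those records by source, destination, service and rule so the noisy combinations stand out. The log lines it reads are constructed for the example in fw log's "time action origin >iface key: value; ..." line style.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet: aggregate the records
# that `fw log -c drop` returns so the noisy source/destination/service
# combinations stand out. On a gateway or log server:
#   fw log -c drop | drop_summary
# A constructed sample in fw log's "time action origin >iface key: value; ..."
# line style is embedded so the function can be tried offline.

SAMPLE_FW_LOG='14:12:30 drop   192.168.10.1 >eth0 rule: 7; src: 10.1.1.10; dst: 10.2.2.20; proto: tcp; service: 23; s_port: 40112;
14:12:31 drop   192.168.10.1 >eth0 rule: 7; src: 10.1.1.10; dst: 10.2.2.20; proto: tcp; service: 23; s_port: 40113;
14:12:32 accept 192.168.10.1 >eth0 rule: 3; src: 10.1.1.50; dst: 10.2.2.20; proto: tcp; service: 443; s_port: 50001;
14:12:33 drop   192.168.10.1 >eth1 rule: 0; src: 10.1.1.10; dst: 10.2.2.21; proto: udp; service: 161; s_port: 40200;
14:12:35 drop   192.168.10.1 >eth0 rule: 7; src: 10.1.1.10; dst: 10.2.2.20; proto: tcp; service: 23; s_port: 40114;
14:12:40 reject 192.168.10.1 >eth0 rule: 9; src: 10.1.1.77; dst: 10.2.2.22; proto: tcp; service: 22; s_port: 41000;
'

# drop_summary [action]: count records whose action (second column) matches
# the argument (default "drop"; "reject" or "accept" also work, as with
# fw log -c) by src/dst/service/rule and print them most frequent first:
#   <count> src=<ip> dst=<ip> service=<port> rule=<n>
# rule 0 means no rule in the policy matched (cleanup or anti-spoofing drop).
drop_summary() {
    awk -v want="${1:-drop}" '
        $2 == want {
            split("", f)
            # Everything after the action is a list of "key: value;" pairs.
            n = split($0, parts, ";")
            for (i = 1; i <= n; i++) {
                if (match(parts[i], /[a-z_]+: /)) {
                    key = substr(parts[i], RSTART, RLENGTH - 2)
                    f[key] = substr(parts[i], RSTART + RLENGTH)
                }
            }
            count[f["src"] "," f["dst"] "," f["service"] "," f["rule"]]++
        }
        END {
            for (k in count) {
                split(k, p, ",")
                printf "%d src=%s dst=%s service=%s rule=%s\n", count[k], p[1], p[2], p[3], p[4]
            }
        }' | sort -k1,1nr
}

# Summarise the embedded sample.
printf '%s' "$SAMPLE_FW_LOG" | drop_summary
```

A top line with rule 0 deserves a second look: nothing in the rulebase matched, so it is either the cleanup rule or anti-spoofing, and `fw ctl zdebug + drop` on that source will say which.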

Provider 1 Commands

mdsenv [cma name] Sets the mds environment

mcd Changes your directory to that of the environment.

mds_setup To setup MDS Servers

mdsconfig Alternative to cpconfig for MDS servers

mdsstat To see the processes status

mdsstart_customer [cma name] To start cma

mdsstop_customer [cma name] To stop cma

cma_migrate To migrate a SmartCenter server to a CMA

cmamigrate_assist Helper for cma_migrate that avoids the manual tar/zip/ftp transfer; requires FTP enabled on the SmartCenter server

VPN Commands

vpn tu VPN utility, allows you to rekey vpn

vpn ipafile_check ipassignment.conf detail Verifies the ipassignment.conf file

dtps lic show desktop policy license status

cpstat -f all polsrv show status of the dtps

vpn shell /tunnels/delete/IKE/peer/[peer ip] delete IKE SA

vpn shell /tunnels/delete/IPsec/peer/[peer ip] delete Phase 2 SA

vpn shell /show/tunnels/ike/peer/[peer ip] show IKE SA

vpn shell /show/tunnels/ipsec/peer/[peer ip] show Phase 2 SA

vpn shell show interface detailed [VTI name] show VTI detail

Gaia Show (Clish) Commands

save config save the current configuration

show commands shows all commands

show allowed-client all show allowed clients

show arp dynamic all displays the dynamic arp entries

show arp proxy all shows proxy arp

show arp static all displays all the static arp entry

show as displays autonomous system number


show assets all display hardware information

show bgp stats shows bgp statistics

show bgp summary shows summary information about bgp

show bootp stats shows bootp/dhcp relay statistics

show bootp interface show all bootp/dhcp relay interfaces

show bonding group show all bonding groups

show bridging groups show all bridging groups

show backups shows a list of local backups

show backup status show the status of a backup or restore operation being performed

show backup last-successful show the latest successful backup

show backup logs show the logs of the recent backups/restores performed

show clock show current clock

show configuration show configuration

show config-state shows whether the configuration is saved or unsaved

show date shows date

show dns primary shows primary dns server

show dns secondary shows secondary dns server

show extended commands shows all extended commands

show groups shows all user groups

show hostname show host name

show inactivity-timeout shows inactivity-timeout settings

show interfaces shows all interfaces


show interfaces ethx shows settings related to interface ethx

show interfaces all show detailed information about all interfaces

show ipv6-state shows ipv6 status as enabled or disabled

show management interface shows management interface configuration

show ntp active shows ntp status as enabled or disabled

show ntp servers shows ntp servers

show ospf database shows ospf database information

show ospf neighbors shows ospf neighbors information

show ospf summary shows ospf summary information

show pbr rules shows policy based routing rules

show pbr summary shows policy based routing summary information

show pbr tables show pbr tables

show route shows routing table

show routed version shows information about routed version

show snapshots shows a list of local snapshots

show snmp agent-version shows whether the version is v1/v2/v3

show snmp interfaces shows snmp agent interface

show snmp traps receivers shows snmp trap receivers

show time shows local machine time

show timezone show configured timezone

show uptime show system uptime

show users show configured users and their homedir, uid/gid and shell

show user <username> shows settings related to a particular user


show version all shows version related to os edition, kernel version, product version etc

show virtual-system all show virtual-systems configured

show vpn tunnels use to show the vpn tunnels

show vrrp stats shows vrrp status

show vrrp interfaces shows vrrp enabled interfaces

Gaia Set (Clish) Commands

add allowed-client host any-host add any host to the allowed clients list (opens WebUI/SSH management to every address; prefer explicit hosts)

add allowed-client host <ip address> add allowed client by ipv4 address

add backup local create and store a backup file in /var/cpbackups/backups/ (on open servers) or /var/log/cpbackup/backups/ (on Check Point appliances)

add backup scp ip value path value username value adds backup to scp server

add backup tftp ip value [ interactive ] adds backup to tftp server

add snapshot create a snapshot, which backs up everything (OS configuration, Check Point configuration, versions, patch level) including the drivers

add syslog log-remote-address <ip address> level <emerg/alert/crit/err/warning/notice/info/debug/all> specifies syslog parameters

add user <username> uid <user-id-value> homedir <path> creates a user

expert executes system shell

halt put system to halt

history shows command history

lock database override overrides the config-lock settings

quit exits out of a shell

reboot reboots a system


restore backup local [value] restores local backup interactively

rollback ends the transaction mode by reverting the changes made during transaction

save config save the current configuration

set backup restore local <filename> restores a local backup

set core-dump <enable/disable> enable/disable core dumps

set date yyyy-mm-dd sets system date

set dhcp server enable enable dhcp server

set dns primary <x.x.x.x> sets primary dns ip address

set dns secondary <x.x.x.x> sets secondary dns ip address

set expert-password set or change password for entering into expert mode

set edition default <value> set the default edition to 32-bit or 64-bit

set hostname <value> sets system hostname

set inactivity-timeout <value> sets the inactivity timeout

set interface ethx ipv4-address x.x.x.x mask-length 24 adds ip address to an interface

set ipv6-state on/off sets ipv6 status as on or off

set kernel-routes on/off sets kernel routes to on/off state

set management interface <interface name> sets an interface as management interface

set message motd value sets message of the day

set ntp active on/off activates ntp on/off

set ntp server primary x.x.x.x version <1/2/3/4> sets primary ntp server

set ntp server secondary x.x.x.x version <1/2/3/4> sets secondary ntp server

set snapshot revert <filename> revert the machine to the selected snapshot

set snmp agent on/off sets the snmp agent daemon on/off

set snmp agent-version <value> sets snmp agent version

set snmp community <value> read-only sets snmp readonly community string

add snmp interface <interface name> sets snmp agent interface

set snmp traps receiver <ip address> version v1 community <value> specifies trap receiver (v1 traps carry the community string in clear)

set snmp traps trap <value> set snmp traps

set static-route x.x.x.x/24 nexthop gateway address x.x.x.x on adds specific static route

set time <value> sets system time

set time zone <time-zone> sets the time zone

set vsx on sets vsx mode on

set vsx off sets vsx mode off

set user <username> password sets users password

set web session-timeout <value> sets web configuration session time-out in minutes

set web ssl-port <value> sets the web ssl-port for the system
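Several of the set/add commands above (allowed-client, inactivity-timeout, web session-timeout, ntp, snmp agent-version and community, syslog log-remote-address) decide how exposed the management plane is. The script below is an added example (not part of the original cheat sheet) that audits the output of `show configuration` for the weak values of those settings, so a gateway can be checked before and after hardening. Both configurations it reads are constructed for the example, and the 15-minute timeout threshold is this example's choice, not a Check Point default.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet: audit the output of
# `show configuration` (Gaia clish) for settings that weaken the management
# plane. On a gateway:
#   clish -c "show configuration" | audit_gaia_config
# Two constructed configurations are embedded: one with typical weak values
# and one hardened with the set/add commands from this section. The 15 minute
# thresholds are this example's choice, not a Check Point default.

WEAK_GAIA_CONFIG='set hostname gw1
set inactivity-timeout 720
add allowed-client host any-host
set ntp active off
set snmp agent on
set snmp agent-version any
set snmp community public read-only
set web session-timeout 10
set web ssl-port 443
'

HARDENED_GAIA_CONFIG='set hostname gw1
set inactivity-timeout 10
add allowed-client host 10.0.0.5
set ntp active on
set ntp server primary 10.0.0.123 version 4
set snmp agent on
set snmp agent-version v3-Only
set web session-timeout 10
set web ssl-port 443
add syslog log-remote-address 10.0.0.50 level info
'

# audit_gaia_config: read a clish configuration on stdin, print one FINDING
# line per weak setting, and exit 1 if anything was found (0 if clean).
audit_gaia_config() {
    awk '
        function hit(msg) { print "FINDING: " msg; findings++ }
        /^add allowed-client host any-host$/ {
            hit("allowed-client any-host: WebUI/SSH reachable from any address, restrict to admin hosts")
        }
        /^set snmp agent-version / && $4 != "v3-Only" {
            hit("snmp agent-version " $4 ": v1/v2c community strings cross the wire in clear, use v3-Only")
        }
        /^set snmp community / && $4 == "public" {
            hit("snmp community public: well-known default string")
        }
        /^set inactivity-timeout / && $3 + 0 > 15 {
            hit("inactivity-timeout " $3 " min: idle clish/expert sessions stay open too long")
        }
        /^set web session-timeout / && $4 + 0 > 15 {
            hit("web session-timeout " $4 " min: idle WebUI sessions stay open too long")
        }
        /^set ntp active off$/ {
            hit("ntp disabled: log timestamps and certificate validity checks drift")
        }
        /^add syslog log-remote-address / { remote_syslog = 1 }
        END {
            if (!remote_syslog)
                hit("no remote syslog destination: logs exist only on the box")
            exit (findings > 0 ? 1 : 0)
        }'
}

# Run both embedded samples; the weak one exits 1, the hardened one 0.
printf '%s' "$WEAK_GAIA_CONFIG" | audit_gaia_config || echo "weak config failed the audit"
printf '%s' "$HARDENED_GAIA_CONFIG" | audit_gaia_config && echo "hardened config passed"
```

Because clish changes are not persistent until `save config`, run the audit on `show configuration` output after saving, and again after a reboot if the box has been in transaction mode, so the check sees what will actually survive.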

Few Useful SPLAT CLI Commands

router Enters router mode for use on Secure Platform Pro for advanced routing options

patch add cd Allows you to mount an iso and upgrade your checkpoint software (SPLAT Only)

backup Allows you to perform a system operating system backup

restore Allows you to restore your backup

snapshot Performs a system backup which includes all Check Point binaries. Note : This issues a
cpstop.

Few Useful VSX CLI Commands

vsx get [vsys name/id] get the current context

vsx set [vsys name/id] set your context

fw -vs [vsys id] getifs show the interfaces for a virtual device

fw vsx stat -l shows a list of the virtual devices and installed policies

fw vsx stat -v shows a list of the virtual devices and installed policies (verbose)

reset_gw resets the gateway, clearing all previous virtual devices and settings.
