Monday, December 27, 2010

                                                      CP,FW &FWM

cphaprob stat                                 List cluster status
cphaprob -a if                                 List status of interfaces
cphaprob syncstat                         shows the sync status
cphaprob list                                  Shows a status in list form
cphastart/stop                                Stops clustering on the specfic node
cp_conf sic                                    SIC stuff
cpconfig                                         Config util
cplic print                                        Prints the license
cprestart                                         Restarts all Check Point Services
cpstart                                            Starts all Check Point Services
cpstop                                            Stops all Check Point Services
cpstop -fwflag -proc                      Stops all checkpoint Services but keeps policy active in kernel
cpwd_admin list                            List checkpoint processes
cplic print                                        Print all the licensing information.
cpstat -f all polsrv                          Show VPN Policy Server Stats
cpstat                                             Shows the status of the firewall

  
fw tab -t sam_blocked_ips           Block IPS via SmartTracker
fw tab -t connections -s                 Show connection stats
fw tab -t connections -f                  Show connections with IP instead of HEX
fw tab -t fwx_alloc -f                       Show fwx_alloc with IP instead of HEX
fw tab -t peers_count -s                Shows VPN stats
fw tab -t userc_users -s                Shows VPN stats
fw checklic                                                              Check license details
fw ctl get int [global kernel parameter]                 Shows the current value of a global kernel parameter
fw ctl set int [global kernel parameter]  [value]    Sets the current value of a global keneral parameter. Only 
                                                                                 Temp ; Cleared after reboot.    
fw ctl arp                                                                  Shows arp table
fw ctl install                                                              Install hosts internal interfaces
fw ctl ip_forwarding                                               Control IP forwarding
fw ctl pstat                                                              System Resource stats
fw ctl uninstall                                                         Uninstall hosts internal interfaces
fw exportlog .o                                                       Export current log file to ascii file
fw fetch                                                                   Fetch security policy and install
fw fetch localhost                                                   Installs (on gateway) the last installed policy.
fw hastat                                                                Shows Cluster statistics
fw lichosts                                                              Display protected hosts
fw log -f                                                                  Tail the current log file
fw log -s -e                                                             Retrieve logs between times
fw logswitch                                                           Rotate current log file
fw lslogs                                                                 Display remote machine log-file list
fw monitor                                                              Packet sniffer
fw printlic -p                                                           Print current Firewall modules
fw printlic                                                               Print current license details
fw putkey                                                               Install authenication key onto host
fw stat -l                                                                 Long stat list, shows which policies are installed
fw stat -s                                                               Short stat list, shows which policies are installed
fw unloadlocal                                                      Unload policy
fw ver -k                                                                Returns version, patch info and Kernal info
fwstart                                                                   Starts the firewall
fwstop                                                                   Stop the firewall

   
fwm lock_admin -v                                              View locked admin accounts
fwm dbexport -f user.txt                                       Used to export users , can also use dbimport
fwm_start                                                              starts the management processes
fwm -p                                                                   Print a list of Admin users
fwm -a                                                                   Adds an Admin
fwm -r                                                                    Delete an administrator

Provider 1
mdsenv [cma name]                                           Sets the mds environment
mcd                                                                      Changes your directory to that of the environment.
mds_setup                                                          To setup MDS Servers
mdsconfig                                                           Alternative to cpconfig for MDS servers
mdsstat                                                               To see the processes status
mdsstart_customer [cma name]                      To start cma
mdsstop_customer [cma name]                      To stop cma
cma_migrate                                                     To migrate an Smart center server to CMA
cmamigrate_assist                                           If you dont want to go through the pain of tar/zip/ftp and if                                                                   you wish to enable FTP on Smart center server

                                                            VPN Related Commands

 
vpn tu                                                                               VPN utility, allows you to rekey vpn
vpn ipafile_check ipassignment.conf detail‏                Verifies the ipassignment.conf file
dtps lic                                                                             show desktop policy license status
cpstat -f all polsrv                                                           show status of the dtps
vpn shell /tunnels/delete/IKE/peer/[peer ip]                 delete IKE SA
vpn shell /tunnels/delete/IPsec/peer/[peer ip]             delete Phase 2 SA
vpn shell /show/tunnels/ike/peer/[peer ip]                   show IKE SA
vpn shell /show/tunnels/ipsec/peer/[peer ip]               show Phase 2 SA
vpn shell show interface detailed [VTI name]             show VTI detail

                                                                  Debugging

fw ctl zdebug drop                                  shows dropped packets in realtime / gives reason for drop

                                                                SPLAT Only

router                       Enters router mode for use on Secure Platform Pro for advanced routing options
patch add cd            Allows you to mount an iso and upgrade your checkpoint software (SPLAT Only)
backup                    Allows you to preform a system operating system backup
restore                     Allows you to restore your backup
snapshot                  Performs a system backup which includes all Check Point binaries. Note                                    This issues a  cpstop
VSX
vsx get [vsys name/id]                          get the current context
vsx set [vsys name/id]                          set your context
fw -vs [vsys id] getifs                            show the interfaces for a virtual device
fw vsx stat -l                                           shows a list of the virtual devices and installed policies
fw vsx stat -v                                          shows a list of the virtual devices and installed policies (verbose)
reset_gw                                                resets the gateway, clearing all previous virtual devices and settings. 




































No comments: