Check Point SPLAT Commands
This is a list of several Check Point SPLAT commands that I use frequently. Perhaps this CLI tip sheet for Secure Platform is useful to you too:
clock | display date and time on firewall |
cpconfig | change SIC, licenses and more |
cphaprob ldstat | display sync serialization statistics |
cphaprob stat | list the state of the high availability cluster members. Should show active and standby devices. |
cphaprob syncstat | display sync transport layer statistics |
cphastop | stop a cluster member from passing traffic. Stops synchronization. (emergency only) |
cplic print | license information |
cpstart | start all checkpoint services |
cpstat fw | show policy name, policy install time and interface table |
cpstat ha | high availability state |
cpstat os -f all | checkpoint interface table, routing table, version, memory status, cpu load, disk space |
cpstat os -f cpu | checkpoint cpu status |
cpstat os -f routing | checkpoint routing table |
cpstop | stop all checkpoint services |
cpwd_admin monitor_list | list processes actively monitored. Firewall should contain cpd and vpnd. |
expert | change from the initial administrator privilege to advanced privilege |
find / -type f -size 10240k -exec ls -la {} \; | Search for files larger than 10Mb |
fw ctl iflist | show interface names |
fw ctl pstat | show control kernel memory and connections |
fw exportlog -o | export the current log file to ascii |
fw fetch 10.0.0.42 | get the policy from the firewall manager (use this only if there are problems on the firewall) |
fw log | show the content of the connections log |
fw log -b <MMM DD, YYYY HH:MM:SS> <MMM DD, YYYY HH:MM:SS> | search the current log for activity between specific times, eg fw log -b "Jul 23, 2009 15:01:30" "Jul 23,2009 15:15:00" |
fw log -c drop | search for dropped packets in the active log; also can use accept or reject to search |
fw log -f | tail the current log |
fwm logexport -i <log name> -o <output name> | export an old log file on the firewall manager |
fw logswitch | rotate logs |
fw lslogs | list firewall logs |
fw stat | firewall status, should contain the name of the policy and the relevant interfaces, i.e. Standard_5_1_1_1_1 [>eth4] [<eth4] [<eth5] [>eth0.900] [<eth0.900] |
fw stat -l | show which policy is associated with which interface and package drop, accept and reject |
fw tab | displays firewall tables |
fw tab -s -t connections | number of connections in state table |
fw tab -t xlate -x | clear all translated entries (emergency only) |
fw unloadlocal | clear local firewall policy (emergency only) |
fw ver | firewall version |
fwm lock_admin -h | unlock a user account after repeated failed log in attempts |
fwm ver | firewall manager version (on SmartCenter) |
ifconfig -a | list all interfaces |
log list | list the names of the logs |
log show <list #> | display a specific log, ‘log show 33′ will display "Can’t find my SIC name in registry" if there are communication problems |
netstat -an | more | check what ports are in use or listening |
netstat -rn | routing table |
passwd | change the current user’s password |
ps -ef | list running processes |
sysconfig | configure date/time, network, dns, ntp |
upgrade_import | run ‘/opt/CPsuite-R65/fw1/bin/upgrade_tools/upgrade_import’ after a system upgrade to import the old license and system information. |
hwclock | show the hardware clock. If the hardware and operating system clocks are off by more than a minute, sync the hardware clock to the OS with "hwclock –systohc" |
fw fetch 10.0.0.42 | Manually grab the policy from the mgmt server at 10.0.0.42 |
fw log -f | Shows you realtime logs on the firewall – will likely crash your terminal |
Niciun comentariu:
Trimiteți un comentariu