Check Point SPLAT Commands
This is a list of several Check Point SPLAT commands that I use frequently. Perhaps this CLI tip sheet for Secure Platform is useful to you too:
| clock | display date and time on firewall |
| cpconfig | change SIC, licenses and more |
| cphaprob ldstat | display sync serialization statistics |
| cphaprob stat | list the state of the high availability cluster members. Should show active and standby devices. |
| cphaprob syncstat | display sync transport layer statistics |
| cphastop | stop a cluster member from passing traffic. Stops synchronization. (emergency only) |
| cplic print | license information |
| cpstart | start all checkpoint services |
| cpstat fw | show policy name, policy install time and interface table |
| cpstat ha | high availability state |
| cpstat os -f all | checkpoint interface table, routing table, version, memory status, cpu load, disk space |
| cpstat os -f cpu | checkpoint cpu status |
| cpstat os -f routing | checkpoint routing table |
| cpstop | stop all checkpoint services |
| cpwd_admin monitor_list | list processes actively monitored. Firewall should contain cpd and vpnd. |
| expert | change from the initial administrator privilege to advanced privilege |
| find / -type f -size 10240k -exec ls -la {} \; | Search for files larger than 10Mb |
| fw ctl iflist | show interface names |
| fw ctl pstat | show control kernel memory and connections |
| fw exportlog -o | export the current log file to ascii |
| fw fetch 10.0.0.42 | get the policy from the firewall manager (use this only if there are problems on the firewall) |
| fw log | show the content of the connections log |
| fw log -b <MMM DD, YYYY HH:MM:SS> <MMM DD, YYYY HH:MM:SS> | search the current log for activity between specific times, eg fw log -b "Jul 23, 2009 15:01:30" "Jul 23,2009 15:15:00" |
| fw log -c drop | search for dropped packets in the active log; also can use accept or reject to search |
| fw log -f | tail the current log |
| fwm logexport -i <log name> -o <output name> | export an old log file on the firewall manager |
| fw logswitch | rotate logs |
| fw lslogs | list firewall logs |
| fw stat | firewall status, should contain the name of the policy and the relevant interfaces, i.e. Standard_5_1_1_1_1 [>eth4] [<eth4] [<eth5] [>eth0.900] [<eth0.900] |
| fw stat -l | show which policy is associated with which interface and package drop, accept and reject |
| fw tab | displays firewall tables |
| fw tab -s -t connections | number of connections in state table |
| fw tab -t xlate -x | clear all translated entries (emergency only) |
| fw unloadlocal | clear local firewall policy (emergency only) |
| fw ver | firewall version |
| fwm lock_admin -h | unlock a user account after repeated failed log in attempts |
| fwm ver | firewall manager version (on SmartCenter) |
| ifconfig -a | list all interfaces |
| log list | list the names of the logs |
| log show <list #> | display a specific log, ‘log show 33′ will display "Can’t find my SIC name in registry" if there are communication problems |
| netstat -an | more | check what ports are in use or listening |
| netstat -rn | routing table |
| passwd | change the current user’s password |
| ps -ef | list running processes |
| sysconfig | configure date/time, network, dns, ntp |
| upgrade_import | run ‘/opt/CPsuite-R65/fw1/bin/upgrade_tools/upgrade_import’ after a system upgrade to import the old license and system information. |
| hwclock | show the hardware clock. If the hardware and operating system clocks are off by more than a minute, sync the hardware clock to the OS with "hwclock –systohc" |
| fw fetch 10.0.0.42 | Manually grab the policy from the mgmt server at 10.0.0.42 |
| fw log -f | Shows you realtime logs on the firewall – will likely crash your terminal |
Niciun comentariu:
Trimiteți un comentariu