luni, 4 martie 2013

Check Point SPLAT Commands

Check Point SPLAT Commands

 
This is a list of several Check Point SPLAT commands that I use frequently. Perhaps this CLI tip sheet for Secure Platform is useful to you too:

clockdisplay date and time on firewall
cpconfigchange SIC, licenses and more
cphaprob ldstatdisplay sync serialization statistics
cphaprob statlist the state of the high availability cluster members. Should show active and standby devices.
cphaprob syncstatdisplay sync transport layer statistics
cphastopstop a cluster member from passing traffic. Stops synchronization. (emergency only)
cplic printlicense information
cpstartstart all checkpoint services
cpstat fwshow policy name, policy install time and interface table
cpstat hahigh availability state
cpstat os -f allcheckpoint interface table, routing table, version, memory status, cpu load, disk space
cpstat os -f cpucheckpoint cpu status
cpstat os -f routingcheckpoint routing table
cpstopstop all checkpoint services
cpwd_admin monitor_listlist processes actively monitored. Firewall should contain cpd and vpnd.
expertchange from the initial administrator privilege to advanced privilege
find / -type f -size 10240k -exec ls -la {} \;Search for files larger than 10Mb
fw ctl iflistshow interface names
fw ctl pstatshow control kernel memory and connections
fw exportlog -oexport the current log file to ascii
fw fetch 10.0.0.42get the policy from the firewall manager (use this only if there are problems on the firewall)
fw logshow the content of the connections log
fw log -b <MMM DD, YYYY HH:MM:SS> <MMM DD, YYYY HH:MM:SS>search the current log for activity between specific times, eg
fw log -b "Jul 23, 2009 15:01:30" "Jul 23,2009 15:15:00"
fw log -c dropsearch for dropped packets in the active log; also can use accept or reject to search
fw log -ftail the current log
fwm logexport -i <log name> -o <output name>export an old log file on the firewall manager
fw logswitchrotate logs
fw lslogslist firewall logs
fw statfirewall status, should contain the name of the policy and the relevant interfaces, i.e. Standard_5_1_1_1_1 [>eth4] [<eth4] [<eth5] [>eth0.900] [<eth0.900]
fw stat -lshow which policy is associated with which interface and package drop, accept and reject
fw tabdisplays firewall tables
fw tab -s -t connectionsnumber of connections in state table
fw tab -t xlate -xclear all translated entries (emergency only)
fw unloadlocalclear local firewall policy (emergency only)
fw verfirewall version
fwm lock_admin -hunlock a user account after repeated failed log in attempts
fwm verfirewall manager version (on SmartCenter)
ifconfig -alist all interfaces
log listlist the names of the logs
log show <list #>display a specific log, ‘log show 33′ will display "Can’t find my SIC name in registry" if there are communication problems
netstat -an | morecheck what ports are in use or listening
netstat -rnrouting table
passwdchange the current user’s password
ps -eflist running processes
sysconfigconfigure date/time, network, dns, ntp
upgrade_importrun ‘/opt/CPsuite-R65/fw1/bin/upgrade_tools/upgrade_import’ after a system upgrade to import the old license and system information.
hwclockshow the hardware clock. If the hardware and operating system clocks are off by more than a minute, sync the hardware clock to the OS with "hwclock –systohc"
fw fetch 10.0.0.42Manually grab the policy from the mgmt server at 10.0.0.42
fw log -f

Shows you realtime logs on the firewall – will likely crash your terminal

Niciun comentariu:

Trimiteți un comentariu