Checkpoint Common Commands
- cp - general
- fw - firewall
- fwm - management
CP, FW & FWM Commands
| cphaprob stat | List cluster status |
| cphaprob -a if | List status of interfaces |
| cphaprob syncstat | shows the sync status |
| cphaprob list | Shows a status in list form |
| cphastart/stop | Starts/stops clustering on the specific node |
| cp_conf sic | Secure Internal Communication (SIC) configuration |
| cpconfig | Configuration utility |
| cplic print | prints the license |
| cprestart | Restarts all Checkpoint Services |
| cpstart | Starts all Checkpoint Services |
| cpstop | Stops all Checkpoint Services |
| cpstop -fwflag -proc | Stops all checkpoint Services but keeps policy active in kernel |
| cpwd_admin list | List checkpoint processes |
| cplic print | Print all the licensing information. |
| cpstat -f all polsrv | Show VPN Policy Server Stats |
| cpstat | Shows the status of the firewall |
| fw tab -t sam_blocked_ips | Shows IPs blocked via SmartTracker |
| fw tab -t connections -s | Show connection stats |
| fw tab -t connections -f | Show connections with IP instead of HEX |
| fw tab -t fwx_alloc -f | Show fwx_alloc with IP instead of HEX |
| fw tab -t peers_count -s | Shows VPN stats |
| fw tab -t userc_users -s | Shows VPN stats |
| fw checklic | Check license details |
| fw ctl get int [global kernel parameter] | Shows the current value of a global kernel parameter |
| fw ctl set int [global kernel parameter] [value] | Sets the current value of a global kernel parameter. Temporary only; cleared after reboot. |
| fw ctl arp | Shows arp table |
| fw ctl install | Install hosts internal interfaces |
| fw ctl ip_forwarding | Control IP forwarding |
| fw ctl pstat | System Resource stats |
| fw ctl uninstall | Uninstall hosts internal interfaces |
| fw exportlog .o | Export current log file to ASCII file |
| fw fetch | Fetch security policy and install |
| fw fetch localhost | Installs (on gateway) the last installed policy. |
| fw hastat | Shows Cluster statistics |
| fw lichosts | Display protected hosts |
| fw log -f | Tail the current log file |
| fw log -s -e | Retrieve logs between times |
| fw logswitch | Rotate current log file |
| fw lslogs | Display remote machine log-file list |
| fw monitor | Packet sniffer |
| fw printlic -p | Print current Firewall modules |
| fw printlic | Print current license details |
| fw putkey | Install authentication key onto host |
| fw stat -l | Long stat list, shows which policies are installed |
| fw stat -s | Short stat list, shows which policies are installed |
| fw unloadlocal | Unload policy |
| fw ver -k | Returns version, patch info and kernel info |
| fwstart | Starts the firewall |
| fwstop | Stop the firewall |
| fwm lock_admin -v | View locked admin accounts |
| fwm dbexport -f user.txt | Exports users; dbimport can also be used |
| fwm_start | starts the management processes |
| fwm -p | Print a list of Admin users |
| fwm -a | Adds an Admin |
| fwm -r | Delete an administrator |
Provider 1
| mdsenv [cma name] | Sets the mds environment |
| mcd | Changes your directory to that of the environment. |
| mds_setup | To setup MDS Servers |
| mdsconfig | Alternative to cpconfig for MDS servers |
| mdsstat | To see the processes status |
| mdsstart_customer [cma name] | To start cma |
| mdsstop_customer [cma name] | To stop cma |
| cma_migrate | To migrate a SmartCenter server to CMA |
| cmamigrate_assist | If you don't want to go through the pain of tar/zip/ftp and if you wish to enable FTP on the SmartCenter server |
VPN
| vpn tu | VPN utility, allows you to rekey vpn |
| vpn ipafile_check ipassignment.conf detail | Verifies the ipassignment.conf file |
| dtps lic | show desktop policy license status |
| cpstat -f all polsrv | show status of the dtps |
| vpn shell /tunnels/delete/IKE/peer/[peer ip] | delete IKE SA |
| vpn shell /tunnels/delete/IPsec/peer/[peer ip] | delete Phase 2 SA |
| vpn shell /show/tunnels/ike/peer/[peer ip] | show IKE SA |
| vpn shell /show/tunnels/ipsec/peer/[peer ip] | show Phase 2 SA |
| vpn shell show interface detailed [VTI name] | show VTI detail |
Debugging
| fw ctl zdebug drop | shows dropped packets in realtime / gives reason for drop |
SPLAT Only
| router | Enters router mode for use on Secure Platform Pro for advanced routing options |
| patch add cd | Allows you to mount an iso and upgrade your checkpoint software (SPLAT Only) |
| backup | Allows you to perform an operating system backup |
| restore | Allows you to restore your backup |
| snapshot | Performs a system backup which includes all Checkpoint binaries. Note: this issues a cpstop. |
VSX
| vsx get [vsys name/id] | get the current context |
| vsx set [vsys name/id] | set your context |
| fw -vs [vsys id] getifs | show the interfaces for a virtual device |
| fw vsx stat -l | shows a list of the virtual devices and installed policies |
| fw vsx stat -v | shows a list of the virtual devices and installed policies (verbose) |
| reset_gw | resets the gateway, clearing all previous virtual devices and settings. |