Categories
Check Point

Check Point SPLAT Commands

This is a list of several Check Point SPLAT commands that I use frequently. Perhaps this CLI tip sheet for Secure Platform is useful to you too:

clock display date and time on firewall
cpconfig change SIC, licenses and more
cphaprob ldstat display sync serialization statistics
cphaprob stat list the state of the high availability cluster members. Should show active and standby devices.
cphaprob syncstat display sync transport layer statistics
cphastop stop a cluster member from passing traffic. Stops synchronization. (emergency only)
cplic print license information
cpstart start all checkpoint services
cpstat fw show policy name, policy install time and interface table
cpstat ha high availability state
cpstat os -f all checkpoint interface table, routing table, version, memory status, cpu load, disk space
cpstat os -f cpu checkpoint cpu status
cpstat os -f routing checkpoint routing table
cpstop stop all checkpoint services
cpwd_admin monitor_list list processes actively monitored. Firewall should contain cpd and vpnd.
expert change from the initial administrator privilege to advanced privilege
find / -type f -size 10240k -exec ls -la {} \; Search for files larger than 10Mb
fw ctl iflist show interface names
fw ctl pstat show control kernel memory and connections
fw exportlog -o export the current log file to ascii
fw fetch 10.0.0.42 get the policy from the firewall manager (use this only if there are problems on the firewall)
fw log show the content of the connections log
fw log -b <MMM DD, YYYY HH:MM:SS> <MMM DD, YYYY HH:MM:SS> search the current log for activity between specific times, eg
fw log -b "Jul 23, 2009 15:01:30" "Jul 23,2009 15:15:00"
fw log -c drop search for dropped packets in the active log; also can use accept or reject to search
fw log -f tail the current log
fwm logexport -i <log name> -o <output name> export an old log file on the firewall manager
fw logswitch rotate logs
fw lslogs list firewall logs
fw stat firewall status, should contain the name of the policy and the relevant interfaces, i.e. Standard_5_1_1_1_1 [>eth4] [<eth4] [<eth5] [>eth0.900] [<eth0.900]
fw stat -l show which policy is associated with which interface and package drop, accept and reject
fw tab displays firewall tables
fw tab -s -t connections number of connections in state table
fw tab -t xlate -x clear all translated entries (emergency only)
fw unloadlocal clear local firewall policy (emergency only)
fw ver firewall version
fwm lock_admin -h unlock a user account after repeated failed log in attempts
fwm ver firewall manager version (on SmartCenter)
ifconfig -a list all interfaces
log list list the names of the logs
log show <list #> display a specific log, ‘log show 33’ will display "Can’t find my SIC name in registry" if there are communication problems
netstat -an | more check what ports are in use or listening
netstat -rn routing table
passwd change the current user’s password
ps -ef list running processes
sysconfig configure date/time, network, dns, ntp
upgrade_import run ‘/opt/CPsuite-R65/fw1/bin/upgrade_tools/upgrade_import’ after a system upgrade to import the old license and system information.
hwclock show the hardware clock. If the hardware and operating system clocks are off by more than a minute, sync the hardware clock to the OS with "hwclock –systohc"
fw fetch 10.0.0.42 Manually grab the policy from the mgmt server at 10.0.0.42
fw log -f Shows you realtime logs on the firewall – will likely crash your terminal

22 replies on “Check Point SPLAT Commands”

Here are a few more commands that I use a lot
cpwd_admin list shows the list of cpd / fwd type processes and when they last started
cpd_sched_config print shows all of the processes that CPD handles
cpd_admin list shows a list of CPD addons
/bin/ls -al $FWDIR/log/fw.log | awk ‘{print $5}’ shows the size of the $FWDIR/log/fw.log file
/var/log/data/splat/scripts/get_model_num.sh Shows the model

Hi,
My management server fails to record logs, No log entries shows in the firewall page, what is the syntax to use on the firewall’s CLI to verify if the firewall is actually logging at all??

Anyone to help how to either:
1. specifically pull only the rulebase from the firewall manager
Your input is highly appreciated thanks

There are a couple of ways, the web visualization tool is probably the easiest. Would an article on how to run this help? There is a detailed and somewhat obtuse article in the checkpoint SK about how to use/install, but I’d be happy to write an article if it helps.

Hi James – Thanks for your brilliant work. I recently did use ‘web visualization’ tool and it did save me quite a bit of time. The tool itself is quite easy to use.

Hi, am running checkpoint firewall R77.10 version can anyone help me how can i know whether am operating on secure platform or Gaia platform.

Excellent reference. But I have a question – Is there a way to view the security policies (rules, objects, groups, etc) via the Check Point CLI? It’s not clear to me how or which command to use to achieve this. Thanks!

I am new to checkpoint and was wondering if you could confirm if the above list of commands hold true for checkpoint provider-1 R75.40 version as well. Also I would like to know how one could view all the policies/rules, NAT rules and network objects in SPLAT OS.

Hi,
I would like to know if these SPLAT commands are the same for CKP R75 version as well and also if provider-1 devices use the same commands.
Also, it would be great if anyone could help me with the commands to view policy and NAT rules from a provider-1 device.

Leave a Reply to Anonymous Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.