This is a list of several Check Point SPLAT commands that I use frequently. Perhaps this CLI tip sheet for Secure Platform is useful to you too:
clock | display date and time on firewall |
cpconfig | change SIC, licenses and more |
cphaprob ldstat | display sync serialization statistics |
cphaprob stat | list the state of the high availability cluster members. Should show active and standby devices. |
cphaprob syncstat | display sync transport layer statistics |
cphastop | stop a cluster member from passing traffic. Stops synchronization. (emergency only) |
cplic print | license information |
cpstart | start all checkpoint services |
cpstat fw | show policy name, policy install time and interface table |
cpstat ha | high availability state |
cpstat os -f all | checkpoint interface table, routing table, version, memory status, cpu load, disk space |
cpstat os -f cpu | checkpoint cpu status |
cpstat os -f routing | checkpoint routing table |
cpstop | stop all checkpoint services |
cpwd_admin monitor_list | list processes actively monitored. Firewall should contain cpd and vpnd. |
expert | change from the initial administrator privilege to advanced privilege |
find / -type f -size 10240k -exec ls -la {} \; | Search for files larger than 10Mb |
fw ctl iflist | show interface names |
fw ctl pstat | show control kernel memory and connections |
fw exportlog -o | export the current log file to ascii |
fw fetch 10.0.0.42 | get the policy from the firewall manager (use this only if there are problems on the firewall) |
fw log | show the content of the connections log |
fw log -b <MMM DD, YYYY HH:MM:SS> <MMM DD, YYYY HH:MM:SS> | search the current log for activity between specific times, eg fw log -b "Jul 23, 2009 15:01:30" "Jul 23,2009 15:15:00" |
fw log -c drop | search for dropped packets in the active log; also can use accept or reject to search |
fw log -f | tail the current log |
fwm logexport -i <log name> -o <output name> | export an old log file on the firewall manager |
fw logswitch | rotate logs |
fw lslogs | list firewall logs |
fw stat | firewall status, should contain the name of the policy and the relevant interfaces, i.e. Standard_5_1_1_1_1 [>eth4] [<eth4] [<eth5] [>eth0.900] [<eth0.900] |
fw stat -l | show which policy is associated with which interface and package drop, accept and reject |
fw tab | displays firewall tables |
fw tab -s -t connections | number of connections in state table |
fw tab -t xlate -x | clear all translated entries (emergency only) |
fw unloadlocal | clear local firewall policy (emergency only) |
fw ver | firewall version |
fwm lock_admin -h | unlock a user account after repeated failed log in attempts |
fwm ver | firewall manager version (on SmartCenter) |
ifconfig -a | list all interfaces |
log list | list the names of the logs |
log show <list #> | display a specific log, ‘log show 33’ will display "Can’t find my SIC name in registry" if there are communication problems |
netstat -an | more | check what ports are in use or listening |
netstat -rn | routing table |
passwd | change the current user’s password |
ps -ef | list running processes |
sysconfig | configure date/time, network, dns, ntp |
upgrade_import | run ‘/opt/CPsuite-R65/fw1/bin/upgrade_tools/upgrade_import’ after a system upgrade to import the old license and system information. |
hwclock | show the hardware clock. If the hardware and operating system clocks are off by more than a minute, sync the hardware clock to the OS with "hwclock –systohc" |
fw fetch 10.0.0.42 | Manually grab the policy from the mgmt server at 10.0.0.42 |
fw log -f | Shows you realtime logs on the firewall – will likely crash your terminal |
22 replies on “Check Point SPLAT Commands”
Its really helpful dude..Thanks for sharing and expecting more 🙂
Great….I thing you have done a GOOD JOB.
[…] View Article Source […]
any command to find serial number on a Checkpoint VSX appliance running on SPLAT..
I don’t have access to a VSX currently, but you should be able to grep for the serial on the dmidecode output. dmidecode | grep erial
dmidecode | grep “Serial Number”
Here are a few more commands that I use a lot
cpwd_admin list shows the list of cpd / fwd type processes and when they last started
cpd_sched_config print shows all of the processes that CPD handles
cpd_admin list shows a list of CPD addons
/bin/ls -al $FWDIR/log/fw.log | awk ‘{print $5}’ shows the size of the $FWDIR/log/fw.log file
/var/log/data/splat/scripts/get_model_num.sh Shows the model
Hi,
My management server fails to record logs, No log entries shows in the firewall page, what is the syntax to use on the firewall’s CLI to verify if the firewall is actually logging at all??
Any comment to view device uptime status of checkpoint provider 1 ?
‘top’ will show you uptime.
Good one James. Thanks.
Anyone to help how to either:
1. specifically pull only the rulebase from the firewall manager
Your input is highly appreciated thanks
There are a couple of ways, the web visualization tool is probably the easiest. Would an article on how to run this help? There is a detailed and somewhat obtuse article in the checkpoint SK about how to use/install, but I’d be happy to write an article if it helps.
Hi James – Thanks for your brilliant work. I recently did use ‘web visualization’ tool and it did save me quite a bit of time. The tool itself is quite easy to use.
Hi, am running checkpoint firewall R77.10 version can anyone help me how can i know whether am operating on secure platform or Gaia platform.
is there any command that will show existing network object group, nodes, services in R77.10 ?
how do I check the hardware address and Serial no. of the gateway running with SPLAT
Excellent reference. But I have a question – Is there a way to view the security policies (rules, objects, groups, etc) via the Check Point CLI? It’s not clear to me how or which command to use to achieve this. Thanks!
That is great job and very much helpful to troubleshoot…..
I am new to checkpoint and was wondering if you could confirm if the above list of commands hold true for checkpoint provider-1 R75.40 version as well. Also I would like to know how one could view all the policies/rules, NAT rules and network objects in SPLAT OS.
Hi,
I would like to know if these SPLAT commands are the same for CKP R75 version as well and also if provider-1 devices use the same commands.
Also, it would be great if anyone could help me with the commands to view policy and NAT rules from a provider-1 device.
Is there a way to display(show) the entire configuration via cli?