To pull the latest policy from the management station: fw fetch
Display the name of the policy installed and the date it was received: fw stat
View the Checkpoint version installed: fw ver
Display cpu, memory, and disk usage: fw ctl pstat
Delete all hosts from the connections table: fw tab -t host_ip_addrs –x
Display logs on the firewall for a specific IP: fw log –n –ft | grep
Troubleshoot source/destination access issues: fw monitor -m iIOo -e 'accept src=10.33.76.82 and dst=10.33.76.82;'
Manage VPN connections (view and delete): vpn tu
Turn on debugging for VPN's: vpndebug on and vpn debug ikeon
This will create 2 files in $FWDIR/logs. vpnd.elg (this can be viewed on the firewall using cat. It will show highlevel VPN connection information), and ike.elg (this is the bread and butter of Checkpoint VPN troubleshooting. Click here to read my ikeview guide).
Display SIC key: cp_conf sic get
High Availabiliy: cphaprob stat -display HA status
cphaprob -i -display HA interface stats
cphastop/cphastart -stop/start HA
View license key installed: cplic print
Delete all active hosts: fw tab -t host_ip_addrs –x
Post a Comment