Information Technology Grimoire

Version .0.0.1

IT Notes from various projects because I forget, and hopefully they help you too.

cheatsheet

Docs

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Front-Matter/Front-Matter-How-to-Search-in-this-Book.htm?tocpath=_____1 https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_CLI_ReferenceGuide/Topics-CLIG/Syntax-Legend.htm?tocpath=_____4

Firewall/Useful

CommandDescription
cpconfigchange SIC, licenses and more
cpview -tshow top style performance counters
cphaprob statlist the state of the high availability cluster members. Should show active and standby devices.
cphaprob -a ifdisplay status of monitored interfaces in a cluster
cphaprob -l listdisplay registered cluster devices and status
cphaprob syncstatdisplay sync transport layer statistics
cphaprob ldstatdisplay sync serialization statistics
cphastopstop a cluster member from passing traffic. Stops synchronization. (emergency only)
clusterXL_admin down –pdisable this node from cluster membership
cphaconf cluster_id getget cluster Global ID membership
cplic printlicense information
cpstartstart all checkpoint services
cpstat fwshow policy name, policy install time and interface table
cpstat hahigh availability state
cpstat bladestop rule hits and amount of connections
cpstat os -f allcheckpoint interface table, routing table, version, memory status, cpu load, disk space
cpstat os -f cpucheckpoint cpu status
cpstat os -f multi_cpucheckpoint cpu load distribution
cpstat os -f sensorshardware environment (temperature/fan/voltage)
cpstat os -f routingcheckpoint routing table
cpstopstop all checkpoint services
cpwd_admin monitor_listlist processes actively monitored. Firewall should contain cpd and vpnd.
show asset allshow serial numbers and hardware info
show route destination xx.xx.xx.xxshow routing for specific host
ip route get xx.xx.xx.xxshow routing for specific host
iclid / show cluster stateshow cluster fail over history

General FW Commands

CommandDescription
fw verfirewall version
fw ctl iflistshow interface names
fw ctl pstatshow control kernel memory and connections
fwaccel statshow SecureXL status
fw fetch get the policy from the firewall manager
fwm load compile and install a policy on the target’s gateways.
fw getifslist interfaces and IP addresses
fw logshow the content of the connections log
fw log -b “MMM DD, YYYY HH:MM:SS” “MMM DD, YYYY HH:MM:SS”search the current log for activity between specific times
fw log -c dropsearch for dropped packets in the active log; also can use accept or reject to search
fw log -ftail the current log
fwm logexport -i -o -n -pexport an old log file on the firewall manager
fw logswitchrotate logs
fw lslogslist firewall logs
fw statfirewall status, should contain the name of the policy and the relevant interfaces.
fw stat -lshow which policy is associated with which interface and package drop, accept and reject
fw tabdisplays firewall tables
fw tab -s -t connectionsnumber of connections in state table
fw tab -s -t userc_usersnumber of remote users connected (VPN)
fw tab -t xlate -xclear all translated entries
fw unloadlocalclear local firewall policy
fw monitor -e “accept host(10.1.1.10);”trace the packet flow to/from the specified host
fw ctl zdebug + drop | grep ‘x.x.x.x|y.y.y.y’Check reason of your packet being dropped

Provider 1 Commands

CommandDescription
mdsenv [cma name]Sets the mds environment
mcdChanges your directory to that of the environment.
mds_setupTo setup MDS Servers
mdsconfigAlternative to cpconfig for MDS servers
mdsstatTo see the processes status
mdsstart_customer [cma name]To start cma
mdsstop_customer [cma name]To stop cma
cma_migrateTo migrate an Smart center server to CMA
cmamigrate_assistIf you dont want to go through the pain of tar/zip/ftp and if you wish to enable FTP on Smart center server

VPN Commands

CommandDescription
vpn tuVPN utility, allows you to rekey vpn
vpn ipafile_check ipassignment.conf detail‏Verifies the ipassignment.conf file
dtps licshow desktop policy license status
cpstat -f all polsrvshow status of the dtps
vpn shell /tunnels/delete/IKE/peer/[peer ip]delete IKE SA
vpn shell /tunnels/delete/IPsec/peer/[peer ip]delete Phase 2 SA
vpn shell /show/tunnels/ike/peer/[peer ip]show IKE SA
vpn shell /show/tunnels/ipsec/peer/[peer ip]show Phase 2 SA
vpn shell show interface detailed [VTI name]show VTI detail

Gaia Show (Clish) Commands

CommandDescription
save configsave the current configuration
show commandsshows all commands
show allowed-client allshow allowed clients
show arp dynamic alldisplays the dynamic arp entries
show arp proxy allshows proxy arp
show arp static alldisplays all the static arp entry
show asdisplays autonomous system number
show assets alldisplay hardware information
show bgp statsshows bgp statistics
show bgp summaryshows summary information about bgp
show vrrp statsshow vrrp statistics
show bootp statsshows bootp/dhcp relay statistics
show bootp interfaceshow all bootp/dhcp relay interfaces
show bonding groupshow all bonding groups
show bridging groupsshow all bridging groups
show backupsshows a list of local backups
show backup statusshow the status of a backup or restore operation being performed
show backup last-successfulshow the latest successful backup
show backup logsshow the logs of the recent backups/restores performed
show clockshow current clock
show configurationshow configuration
show-config stateshows the state of configuration either saved or unsaved
show dateshows date
show dns primaryshows primary dns server
show dns secondaryshows secondary dns server
show extended commandsshows all extended commands
show groupsshows all user groups
show hostnameshow host name
show inactivity-timeoutshows inactivity-timeout settings
show interfacesshows all interfaces
show interfaces ethxshows settings related to an interface “x
show interfacesshow detailed information about all interfaces
show ipv6-stateshows ipv6 status as enabled or disabled
show management interfaceshows management interface configuration
show ntp activeshows ntp status as enabled or disabled
show ntp serversshows ntp servers
show ospf databaseshows ospf database information
show ospf neighborsshows ospf neighbors information
show ospf summaryshows ospf summary information
show pbr rulesshows policy based routing rules
show pbr summaryshows policy based routing summary information
show pbr tablesshow pbr tables
show routeshows routing table
show routed versionshows information about routed version
show snapshotsshows a list of local snapshots
show snmp agent-versionshows whether the version is v1/v2/v3
show snmp interfacesshows snmp agent interface
show snmp traps receiversshows snmp trap receivers
show timeshows local machine time
show timezoneshow configured timezone
show uptimeshow system uptime
show usersshow configured users and their homedir, uid/gid and shell
show user shows settings related to a particular user
show version allshows version related to os edition, kernel version, product version etc
show virtual-system allshow virtual-systems configured
show vpn tunnelsuse to show the vpn tunnels
show vrrp statsshows vrrp status
show vrrp interfacesshows vrrp enabled interfaces

Gaia Set (Clish) Commands

CommandDescription
add allowed-client host any-host / add allowed-client host <ip address>add any host to the allowed clients list/ add allowed client by ipv4 address
add backup localcreate and store a backup file in /var/cpbackups/backups/ (on open servers) or /var/log/cpbackup/backups/ (on checkpoint appliances)
add backup scp ip <value> path <value> username <value>adds backup to scp server
add backup tftp ip <value> [ interactive ]adds backup to tftp server
add snapshotcreate snapshots which backs up everything like os configuration, checkpoint configuration, versions, patch level), including the drivers
add syslog log-remote-address <ip address> level <emerg/alert/crit/err/warning/notice/info/debug/all>specifies syslog parameters
add user <username> uid <user-id-value> homedircreates a user
expertexecutes system shell
haltput system to halt
historyshows command history
lock database overrideoverrides the config-lock settings
quitexits out of a shell
rebootreboots a system
restore backup local [value]restores local backup interactively
rollbackends the transaction mode by reverting the changes made during transaction
save configsave the current configuration
set backup restore local <filename>restores a local backup
set core-dump <enable/disable>enable/disable core dumps
set date yyyy-mm-ddsets system date
set dhcp server enableenable dhcp server
set dns primary <x.x.x.x>sets primary dns ip address
set dns secondary <x.x.x.x>sets secondary dns ip address
set expert-passwordset or change password for entering into expert mode
set edition default <value>set the default edition to 32-bit or 64-bit
set hostname <value>sets system hostname
set inactivity-timeout <value>sets the inactivity timeout
set interface ethx ipv4-address x.x.x.x mask-length 24adds ip address to an interface
set ipv6-state on/offsets ipv6 status as on or off
set kernel-routes on/offsets kernel routes to on/off state
set management interface <interface name>sets an interface as management interface
set message motd <value>sets message of the day
set ntp active on/offactivates ntp on/off
set ntp server primary x.x.x.x version <1/2/3/4>sets primary ntp server
set ntp server secondary x.x.x.x version <1/2/3/4>sets secondary ntp server
set snapshot revert<filename>revert the machine to the selected snapshot
set snmp agent on/offsets the snmp agent daemon on/off
set snmp agent-version <value>sets snmp agent version
set snmp community <value> read-onlysets snmp readonly community string
add snmp interface <interface name>sets snmp agent interface
set snmp traps receiver <ip address> version v1 community <value>specifies trap receiver
set snmp traps trap <value>set snmp traps
set static-route x.x.x.x/24 nexthop gateway address x.x.x.x onadds specific static route
set time <value>sets system time
set time zone <time-zone>sets the time zone
set vsx offsets vsx mode on
set vsx onsets vsx mode off
set user <username> passwordsets users password
set web session-timeout <value>sets web configuration session time-out in minutes
set web ssl-port <value>sets the web ssl-port for the system

SPLAT CLI Commands

CommandDescription
routerEnters router mode for use on Secure Platform Pro for advanced routing options
patch add cdAllows you to mount an iso and upgrade your checkpoint software (SPLAT Only)
backupAllows you to perform a system operating system backup
restoreAllows you to restore your backup
snapshotPerforms a system backup which includes all Check Point binaries. Note: This issues a cpstop.

VSX CLI Commands

CommandDescription
vsx get [vsys name/id]get the current context
vsx set [vsys name/id]set your context
fw -vs [vsys id] getifsshow the interfaces for a virtual device
fw vsx stat -lshows a list of the virtual devices and installed policies
fw vsx stat -vshows a list of the virtual devices and installed policies (verbose)
reset_gwresets the gateway, clearing all previous virtual devices and settings.